'Time-travel' feature in flash storage drives may fight ransomware attacks
Bengaluru: Ransomware, deployed by financially-motivated hackers who run their operations under the aegis of organized criminal organizations, is clearly on the rise.
With more businesses moving their operations online, vast amounts of financial and critical business-related data is now stored in data centres. For cybercriminals, this is a huge opportunity as they can not only break into company systems and steal data, but also take control and lock out the owners of their own systems and then ask for a ransom amount to unlock those files.
Security experts point out that while most of the ransomware attacks such as WannaCry and Petya initially didn’t have any specific target, cybercriminals have changed tactics.
For instance, the Petya ransomware had affected 2,000 enterprises in 65 countries by locking out users out of their own systems. And the hacker arrested by the US department of justice in September 2018 for the WannaCry ransomware attack of 2017, for instance, was part of a criminal organization called the Lazarus Group with alleged links to the North Korean government.
While companies and cybersecurity firms continuously release software and patches to tackle ransomware, those who suffer the misfortune of being locked out of their systems generally end up paying the ransom and losing their data too.
University of Illinois students Chance Coats and Xiaohao Wang and Assistant Professor Jian Huang from the Coordinated Science Laboratory believe they may have a solution to tackle ransomware. In the paper ‘Project Almanac: A Time-Traveling Solid State Drive’, they explore how they can use the commodity storage devices already in a computer, to save the files without having to pay the ransom.
“The paper explains how we leverage properties of flash-based storage that currently exist in most laptops, desktops, mobiles, and even IoT devices” said Coats, a graduate student in electrical and computer engineering (ECE), in a press statement.
The flash-based, solid-state drives Coats mentioned are part of the storage system in most computers. When a file is modified on the computer, rather than getting rid of the old file version immediately, the solid-state drive saves the updated version to a new location. Those old versions are the key to thwarting ransomware attacks. If there is an attack, the tool discussed in the paper can be used to revert to a previous version of the file. The tool would also help in the case of a user accidentally deleting one of their own files.
However, like any new tool, there is a trade-off. “When you want to write new data, it has to be saved to a free block, or block that has already been erased,” said Coats. “Normally a solid-state drive would delete old versions in an effort to erase blocks in advance, but because our drive is keeping the old versions intentionally, it may have to move the old versions before writing new ones.” Coats described this as a trade-off between retention duration and storage performance.
To manage this trade-off, Huang and his students built in functionality for the tool to monitor and adjust these parameters dynamically. Despite the dynamic changes to system parameters, their tool guarantees data will be retained for at least three days. This allows users the option to backup their data onto other systems within the guaranteed time-period if they choose to do so. The paper about this research was published at a top-tier system conference, EuroSys, this past spring. Coats represented the group at the conference.
“Moving forward, our group will look at the possibility of retaining user data in a storage device for a much longer time with lower performance overhead, and applying the time-traveling solid-state drive to wider applications such as systems debugging and digital forensics,” said Huang, an assistant professor of electrical and computer engineering at Illinois.