RSSD: defend against ransomware with hardware-isolated network-storage codesign and post-attack analysis

Reidys, Benjamin; Liu, Peng; Huang, Jian

doi:10.1145/3503222.3507773

Cited by 14 publications

(6 citation statements)

References 31 publications

(35 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A recent work is reference [223], where a ransomware SSD (State Solid Disk) (RSSD) controller is constructed based on an assisted hardware registry. This keeps old data copies in a conservative way and performs storage requests with a small overhead.…”

Section: Data Sourcementioning

confidence: 99%

Crypto-Ransomware: A Revision of the State of the Art, Advances and Challenges

Gómez Hernández,

García Teodoro,

Magán Carrión

et al. 2023

Electronics

View full text Add to dashboard Cite

According to the premise that the first step to try to solve a problem is to deepen our knowledge of it as much as possible, this work is mainly aimed at diving into and understanding crypto-ransomware, a very present and true-world digital pandemic, from several perspectives. With this aim, this work contributes the following: (a) a review of the fundamentals of this security threat, typologies and families, attack model and involved actors, as well as lifecycle stages; (b) an analysis of the evolution of ransomware in the past years, and the main milestones regarding the development of new variants and real cases that have occurred; (c) a study of the most relevant and current proposals that have appeared to fight against this scourge, as organized in the usual defence lines (prevention, detection, response and recovery); and (d) a discussion of the current trends in ransomware infection and development as well as the main challenges that necessarily need to be dealt with to reduce the impact of crypto-ransomware. All of this will help to better understand the situation and, based on this, will help to develop more adequate defence procedures and effective solutions and tools to defeat attacks.

show abstract

Section: Data Sourcementioning

confidence: 99%

Crypto-Ransomware: A Revision of the State of the Art, Advances and Challenges

Gómez Hernández,

García Teodoro,

Magán Carrión

et al. 2023

Electronics

View full text Add to dashboard Cite

show abstract

“…This led to a notable transition in the ransomware landscape, where recent trends have witnessed a pivot towards ransomware strategies that prioritize data exfiltration [10,11]. This new breed of ransomware, exemplified by groups like Royal and Ragnar Locker, has adopted a dual-threat approach that combines the conventional method of encryption with the additional threat of exposing stolen data [5,12].…”

Section: Ransomware Evolution and Trendsmentioning

confidence: 99%

“…The progression from crypto-ransomware to ransomware that prioritizes data exfiltration signifies a more complex and menacing threat environment [4,5,12]. Data exfiltration, which entails the unauthorized copying, transferring, or retrieving of data from a computer or server, represents a ransomware variant that is frequently carried out through network channels [11,13,14].…”

Section: Introductionmentioning

confidence: 99%

Analyzing Data Theft Ransomware Traffic Patterns Using BERT

Almeida,

Vasconcelos

2023

Preprint

View full text Add to dashboard Cite

This research looks into the evolving dynamics of ransomware, shifting from conventional encryption-based attacks to sophisticated data exfiltration strategies. Employing the Bidirectional Encoder Representations from Transformers (BERT) model, the study analyzes network traffic patterns to detect ransomware activities, offering new insights into their covert operations. The findings emphasize the need for advanced AI tools in cybersecurity, highlighting the significance of adapting and innovating defense strategies to counter the changing landscape of ransomware threats. The study contributes to a deeper understanding of ransomware evolution and underscores the importance of integrating AI in cybersecurity practices.

show abstract

“…Performance of RSSD: Our evaluation shows that (1) RSSD can retain the stale data for a much longer time than state-of-the-art approaches, over 200 days in our evaluation (see Figure 2); (2) It has less than 1% negative impact on storage performance and minimal impact on device lifetime; (3) It performs fast data recovery after attacks; (4) It enables efficient post-attack analysis by building a trusted chain of I/O operations (see [3] for the full evaluation).…”

Section: Implementation Of Rssdmentioning

confidence: 99%

RSSD: defend against ransomware with hardware-isolated network-storage codesign and post-attack analysis

Reidys

Liu

Huang

2022

Proceedings of the 27th ACM International Conference on Architectural Support for Programming Languages and Operating Systems

Self Cite

View full text Add to dashboard Cite

Encryption ransomware has become a notorious malware. It encrypts user data on storage devices like solid-state drives (SSDs) and demands a ransom to restore data for users. To bypass existing defenses, ransomware would keep evolving and performing new attack models. For instance, we identify and validate three new attacks, including (1) garbage-collection (GC) attack that exploits storage capacity and keeps writing data to trigger GC and force SSDs to release the retained data; (2) timing attack that intentionally slows down the pace of encrypting data and hides its I/O patterns to escape existing defense; (3) trimming attack that utilizes the trim command available in SSDs to physically erase data.To enhance the robustness of SSDs against these attacks, we propose RSSD, a ransomware-aware SSD. It redesigns the flash management of SSDs for enabling the hardware-assisted logging, which can conservatively retain older versions of user data and received storage operations in time order with low overhead. It also employs hardware-isolated NVMe over Ethernet to expand local storage capacity by transparently offloading the logs to remote cloud/servers in a secure manner. RSSD enables post-attack analysis by building a trusted evidence chain of storage operations to assist the investigation of ransomware attacks. We develop RSSD with a real-world SSD FPGA board. Our evaluation shows that RSSD can defend against new and future ransomware attacks, while introducing negligible performance overhead.

show abstract

RSSD: defend against ransomware with hardware-isolated network-storage codesign and post-attack analysis

Cited by 14 publications

References 31 publications

Crypto-Ransomware: A Revision of the State of the Art, Advances and Challenges

Crypto-Ransomware: A Revision of the State of the Art, Advances and Challenges

Analyzing Data Theft Ransomware Traffic Patterns Using BERT

RSSD: defend against ransomware with hardware-isolated network-storage codesign and post-attack analysis

Contact Info

Product

Resources

About