Your SSD may soon be able to detect ransomware attacks

News
By published

Best of all, the additional functionality comes with only a minor increase in latency

An abstract image of padlocks overlaying a digital background.
(Image credit: Shutterstock)

Academic researchers have conjured up a novel idea to thwart ransomware attacks using firmware that can block write access to solid-state disks (SSD) as soon as it detects patterns matching such an attack.

The idea about the intelligent firmware, dubbed SSD-Insider++, has been proposed by a team of researchers that includes engineers from Korea’s Inha University, Daegu Institute of Science and Technology, and the Cyber Security Department at Ewha Womans University (EWU) as well as a researcher from the University of Central Florida in the US.

“I thought that it would be good if we can protect people not having anti-ransomware installed on their computers by providing them with an anti-ransomware-intrinsic SSD,” DaeHun Nyang, PhD, at EWU told The Register.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

One of Nyang’s colleague working on NAND flash backed the idea owing to the memory’s delayed deletion attribute.

Minor overhead

The researchers have proposed their idea in a paper titled SSD-Insider++, SSD-Assisted Ransomware Detection and Data Recovery Techniques

Parsing the paper, The Register explains that SSD-Insider++, which runs on the SSD controller, keeps its eyes peeled for patterns of drive activity that correspond to ransomware attacks. 

As soon as it detects malicious activity, the mechanism disables input/output to the storage device, giving users the opportunity to remove the offending process that initiated the encryption.

Furthermore, SSD-Insider++ can also reportedly reverse any damage to data in a matter of seconds, by leveraging the operational characteristics of an SSD to instantly roll back any infected files.

According to the researchers, SSD-Insider++ had a 100% success rate with both in-the-wild and lab-grade malware, and even managed to reverse the damage within ten seconds. 

Best of all, thanks to its implementation on the firmware, the mechanism only increases latency between 12.8%-17.3% with a throughput drop that maxed out at 8%.

Via The Register

Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Read more
A computer being guarded by cybersecurity.
The impact of the cyber insurance industry in resilience against ransomware
Representational image of a hacker
Best ransomware protection of 2025
A laptop with a red screen with a white skull on it with the message: &quot;RANSOMWARE. All your files are encrypted.&quot;
AWS S3 feature abused by ransomware hackers to encrypt storage buckets
Hands typing on a keyboard surrounded by security icons
35 years on: The history and evolution of ransomware
Representational image of a cybercriminal
Microsoft discovers five potentially damaging attacks against its own software
An image of network security icons for a network encircling a digital blue earth.
Why effective cybersecurity is a team effort
Latest in Security
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
Data leak
Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
Latest in News
An image of the Nintendo Switch 2
Nintendo Switch 2 pre-orders will start on April 2 according to Best Buy Canada
Person printing
Microsoft’s latest Windows 11 update exorcises possessed printers that spewed out pages of random characters
Pro-Ject A1.2 in black, playing a vinyl record in a hi-fi listening room
Pro-Ject's new fully-automatic turntable could be the buy of Record Store Day 2025
Intergalactic: The Heretic Prophet
Intergalactic: The Heretic Prophet reportedly won't release until after 2026, as Neil Druckmann says that staff 'are playing it at the office' right now - but I don't think I can wait that long
Screenshot from action RPG soulslike Lies of P
Lies of P Overture won't elaborate on the game's eyebrow-raising post-credits twist, and I think that's good news
Nintendo Switch 2
The Switch 2 launching with a Mario Kart game 'is very unlike Nintendo' compared to the original Switch releasing with Breath of the Wild, says former marketing leads: 'That's what's gonna make you want to buy the new hardware'
More about security
A digital representation of a lock

NYU website defaced as hacker leaks info on a million students
NHS

NHS IT supplier hit with major fine following ransomware attack
Person printing

Microsoft’s latest Windows 11 update exorcises possessed printers that spewed out pages of random characters
See more latest
Most Popular
Person printing
Microsoft’s latest Windows 11 update exorcises possessed printers that spewed out pages of random characters
An image of the Nintendo Switch 2
Nintendo Switch 2 pre-orders will start on April 2 according to Best Buy Canada
Freddie Prinze Jr., Sarah Michelle Gellar, Matthew Liliard and Linda Cardinelli in Scooby Doo 2: Monsters Unleashed
Netflix is firing up the Mystery Machine with a live action Scooby-Doo series
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
Sama virtual assistant
Speak, Book, Fly. Qatar Airways debuts industry-first AI travel agent, Sama
An Apple Lumon Terminal Pro computer next to a keyboard with Severance-themed keycaps
You sadly can't buy Apple's Lumon Terminal Pro computer, but here's where to get the Severance-style keycaps
Pro-Ject A1.2 in black, playing a vinyl record in a hi-fi listening room
Pro-Ject's new fully-automatic turntable could be the buy of Record Store Day 2025
Intergalactic: The Heretic Prophet
Intergalactic: The Heretic Prophet reportedly won't release until after 2026, as Neil Druckmann says that staff 'are playing it at the office' right now - but I don't think I can wait that long
Kindle de Amazon
The latest Kindle update finally fixes page turning – and adds the perfect reading tool for my sieve-like brain
Screenshot from action RPG soulslike Lies of P
Lies of P Overture won't elaborate on the game's eyebrow-raising post-credits twist, and I think that's good news