Researchers Bake Malware Protection Directly Into SSDs

An international team of researchers has developed an SSD security solution that acts at the controller firmware level, meaning the feature is baked right into the storage device to detect out-of-the-ordinary activity that signals a ransomware infection and its attempt to encrypt your data. According to the researchers, the method degrades performance slightly, to the tune of a 17% latency performance decrease and a maximum of 8% lower throughput. The solution is said to be easily integrated into the SSD manufacturing chain, and aims to become an integral barrier on commercial SSD solutions to the ransomware problem - made all the more graver due to most users not deploying ransomware-focused (or at the very least, ransomware-aware) security solutions. This research differs from other SSD-bound security solutions in that it is completely hardware-based and can purportedly repair the damage done by ransomware attacks. 

"I came up with the idea of firmware level detection because I know that many [users] don't install anti-ransomware software," DaeHun Nyang, Ph.D., at EWU told The Register of the origin of the team's research project. "So I thought that it would be good if we can protect people not having anti-ransomware installed on their computers by providing them with an anti-ransomware-intrinsic SSD."

The Register asked for commentary on the proposed SSD-Insider++ solution against the ransomware scourge, with ESET UK security expert Jake Moore saying that "Unfortunately, this new feature may not be foolproof. The function leverages a delay in deletion which means that ransomware developers would and could still bypass this feature with the knowledge of how this antidote operates." But of course, that is true of any security solution: bad players will always attempt to subvert them, forcing a permanent game of catch between security and intrusion.

Francisco Pires
Freelance News Writer

Francisco Pires is a freelance news writer for Tom's Hardware with a soft side for quantum computing.

  • drajitsh
    Seems like a pretty good thing to me, despite the latency degradation.
    As far as I am aware ransomware protection available to a individual consumer basically asks you to specify critical folders, after which it basically stops any modification to them.
    If there is a software which is relatively inexpensive (<50$), simple and unobstrusive, I would LOVE to know about it.
    Reply
  • SyCoREAPER
    Awesome concept and I think a good compromise (from the performance hit). But only so long as the controller resets itself, which I imagine it would, during a reformat to get that performance back.
    Reply