A Ransomware-Aware Solid-State Drive [1]
As of 2025, ransomware attacks occur every 11 seconds, with victims including individuals, schools, governments, hospitals, police departments, businesses, and more. These attacks can be expensive in terms of both operations downtime and ransoms actually paid, with many victims finding themselves subject to repeated attacks or continued withholding of systems/data even upon payment of ransom. Existing solutions are expensive, struggle to adapt to the rapid pace of malware innovation, and often rely on manual processes and systems (e.g., backups to physical hard drives) that may be time-consuming and unreliable.
Dr. Jian Huang at the University of Illinois Urbana-Champaign has developed a suite of solid-state drive (SSD) technologies (which could be developed into a single product or commercialized separately) that offer hardware and firmware-level solutions to protect machines from ransomware attacks and mitigate potential damage/loss. The TimeSSD firmware and TimeKit toolkit use intrinsic flash properties to retain the history of past storage states for up to several weeks without dedicated data backups. The technology can significantly enhance the security of flash-based storage systems while incurring negligible performance overhead for the majority of common applications. TimeSSD and TimeKits functionalities can provide flexibility and facilitate more efficient, secure system functions such as protecting against malware or encrypted ransomware attacks that corrupt files in storage, recovering user files, retrieving update logs, and providing an evidence chain for storage forensics. Rollback to a previous consistent state may be achieved with minimal software involvement. Dr. Huang's ransomware-aware solid-state drive (RSSD), meanwhile, hardens systems against ransomware attacks by transferring data to a cloud server through NVMe over Ethernet. RSSD faces no performance impacts and even allows for post-attack analysis to carefully identify the cause and methodology of any ransomware attacks faced by the RSSD. RSSD enhances security support from typical ransomware attacks which assume conventional SSDs perform like HDDs by preemptively protecting against 3 novel types of ransomware attacks designed by Dr. Huang. Furthermore, RSSD ensures that stale data is not discarded after a limited amount of time as current SSDs behave, instead opting to allocate the stale data to the cloud storage in a time-dependent order. This cloud storage effectively removes the limitation of storage on SSDs by providing a space to store an infinite amount of data. The NVMe over Ethernet is the novel design that serves to protect from ransomware attacks the transfer of data from the local SSD to the cloud storage.
Benefits
- Inexpensive
- Easily integration into conventional solid-state hard drive technologies
- Allows for rapid forensics following malware attack
- Inherent resiliance to malware compromises (unlike existing antivirus software which itself is susceptible to attack/corruption by bad actors
- Can extend life and performance of SSD by more evenly distributing write processes
Media
https://techxplore.com/news/2019-05-time-travel-feature-ransomware.html#google_vignette [2]