‘Time-Travel’ Feature Added to Flash-Based Drives Can Address Ransomware Attacks

Researchers said computer operators can deal with ransomware through a “time-traveling” tool in solid-state drives.

A team from the University of Illinois published a research paper showing this process. The paper is titled “Project Almanac: A Time-Traveling Solid State Drive.” Students Chance Coats and Xiaohao Wang and Assistant Professor Jian Huang from the university’s Coordinated Science Laboratory were the authors.

The paper explains how computer operators can take advantage of the properties flash-based drives to thwart ransomware attacks.

People can find these flash-based, solid-state storage devices in many laptops, desktops, mobiles, and IoT devices.

Meanwhile, ransomware is a malware that allows hackers to access files. Upon establishing a connection to the files, they can encrypt them while deleting the unencrypted data. Hackers would then demand money to give the hijacked files back.

'Time-Travel' Feature Added to Flash-Based Drives Can Address Ransomware Attacks

How ‘time-travel’ feature fights attacks

When a user modifies a file on the computer, the solid-state drive saves the updated version to a new location. This storage device type does this rather than deleting the old file version immediately.

The old versions are significant in thwarting ransomware attacks. When there is an attack, operators can use the solid-state device to revert to a previous version of the file. The tool the team has developed would also help when a user accidentally deletes one of their files.

However, users should be aware of a trade-off.

When writing new data, the system should save it to a free block or a block that had already been deleted. Typically, a solid-state drive would delete old versions so that it can erase blocks in advance. But because the drive keeps the old versions intentionally, it may need to transfer the old versions before writing new ones.

Coats described this trade-off as one between “retention duration and storage performance.”

To address this trade-off, the team developed a built-in functionality for the tool. Through this, users can monitor and adjust these system parameters from time to time.

Despite the frequent changes to system parameters, their tool guarantees data will get stored for at least three days.

This property gives users the option to back up their data within the guaranteed time-period.

The concept behind the tool of the team has gained interest from international experts. In the spring of last year, Coats represented the group in presenting the paper at EuroSys. EuroSys is a yearly top-tier conference where R&D professionals from academia and industry meet.

Huang said the group would study the possibility of maintaining data in a storage device for a longer time with a lower performance overhead. They are also looking to apply time-traveling solid-state drive to more extensive applications like systems debugging and digital forensics.