“We developed this technique using the unique properties of the SSD. When you save a file to the SSD, you assume that the new data will override the original data. With our solution, the data is saved to a new block, and the old data is still stored in the flash chip,” explained Jian Huang, assistant professor of electrical and computer engineering at University of Illinois' Coordinated Science Laboratory.
“Our solution works even if your OS is compromised by the ransomware because the attackers can’t get access to the data on the flash chip,” Huang, who headed the team of researchers, told HITInfrastructure.com.
Jian Huang
Source: The Grainger College of Engineering
For years, ransomware attacks have plagued healthcare organizations because they are attractive and lucrative targets. According to the latest 2019 Data Breach Investigations Report (DBIR) from Verizon, ransomware attacks account for 70 percent of all malware incidents in the healthcare industry. This compares with one-quarter of malware incidents across industries.
Huang said that his group’s solution can be used by healthcare organizations in two ways. First, it can be used to back up patient data in computers at doctors’ offices and hospitals. “You use a modified SSD and plug it into the computer. If the computer is compromised, the SSD can be removed and the data recovered,” he explained.
Second, it can be used for wearable health and Internet of Things devices, which also use flash-based storage.
“Our solution can also be applied to the mobile platform, wearable devices, and IoT devices. If the hackers compromise your smartwatch to get your data, we can recover the data from the flash-based device,” he added.
Addressing the Trade-Off Between Data Retention and Performance
With the solution, there is a trade-off between retention duration and storage performance.
If the tool’s parameters are set to maintain data for too long, unnecessary versions will be kept and take up space on the storage device. As the device fills with old file versions, the system takes longer to respond to typical storage requests and performance degrades.
If the parameters are set to a retention window that is too narrow, users would have a quicker response time, but they may not have all their backup files saved should a ransomware attack occur.
To address this issue, the research team built in functionality to monitor and adjust the parameters dynamically. Despite the dynamic changes to system parameters, their tool retains data for at least three days, giving users the option to back up their data on other systems within that time period.
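The retention trade-off described above can be seen in a toy model. This is an added example, not the researchers' firmware: the `ToyFTL` class, the 7-day starting window, the 80 percent pressure threshold and the halving rule are assumptions made for illustration; only the out-of-place write and the three-day floor come from the article.

```python
from dataclasses import dataclass, field

DAY = 86_400
MIN_RETENTION = 3 * DAY  # floor from the article: at least three days

@dataclass
class ToyFTL:
    capacity: int             # physical pages (assumed unit)
    retention: int = 7 * DAY  # starting window (assumed value)
    pages: dict = field(default_factory=dict)  # lpn -> [[written, superseded, data]]

    def used(self):
        return sum(len(v) for v in self.pages.values())

    def collect(self, now):
        """Reclaim stale versions that have aged out of the retention window."""
        if self.used() >= 0.8 * self.capacity:  # pressure threshold (assumed)
            self.retention = max(MIN_RETENTION, self.retention // 2)
        cutoff = now - self.retention
        for lpn, vs in self.pages.items():
            # keep the live version (superseded is None) and recent stale ones
            self.pages[lpn] = [v for v in vs if v[1] is None or v[1] >= cutoff]

    def write(self, lpn, data, now):
        """Out-of-place write: the old version is marked stale, not erased."""
        self.collect(now)
        if self.used() >= self.capacity:
            raise OSError("device full: retained versions cannot be reclaimed yet")
        vs = self.pages.setdefault(lpn, [])
        if vs:
            vs[-1][1] = now
        vs.append([now, None, data])

    def recover(self, lpn, as_of):
        """Return the version that was live at time as_of, if still retained."""
        for written, superseded, data in self.pages.get(lpn, []):
            if written <= as_of and (superseded is None or superseded > as_of):
                return data
        return None

def demo():
    ssd = ToyFTL(capacity=10)
    for lpn in range(4):  # constructed sample records
        ssd.write(lpn, f"record-{lpn}", now=0)
    attack = 30 * DAY
    for lpn in range(4):  # compromised host overwrites every page
        ssd.write(lpn, "ENCRYPTED", now=attack)
    within = ssd.recover(2, as_of=attack - 1)  # firmware-level lookup
    ssd.write(9, "new", now=attack + 4 * DAY)  # collection runs under pressure
    after = ssd.recover(2, as_of=attack - 1)
    return ssd.pages[2][-1][2], within, ssd.retention, after
```

In the model, the pre-attack version is recoverable while it sits inside the window and is gone once space pressure shrinks the window and collection runs, which is why the backup has to be copied elsewhere within the retention period.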
Huang said that his group is also working on compression technology to enable longer retention of data. “In today’s SSDs, you already have the embedded CPU. We can leverage that for data compression to make sure the data can be retained longer.”
Huang predicted that his group’s solution would be commercialized soon. He said that the solution can already be used with an open computing platform that allows the firmware to be modified.
He has been in talks with SSD startups about integrating the solution into their products. The next step is to talk with large SSD vendors, such as Intel and Samsung, about changing their firmware so that the solution can be used with their devices.
“If the large vendors are willing to incorporate our solution, it should be commercialized quickly,” Huang concluded.