ITI researcher leads $1M effort to recover encrypted data from ransomware attacks
When hackers attack a computer and install ransomware, it often goes undetected until after the damage is done. The sensitive data from the computer has already been encrypted, and the user must pay to get their data back. This is an issue faced by industry, academia, and government organizations alike. In a new $1 million project funded by the Army Research Laboratory, ITI researcher Jian Huang is working to find a way to back up data before it is encrypted.
“The main idea behind this research is that we leverage the flash-based storage drive to recover user data after it gets attacked by ransomware,” said Huang, assistant professor in electrical and computer engineering.
In “RAfFLE: Ransomware-Aware Flash-based Storage,” Huang, along with collaborators at Penn State University and Intelligent Automation Inc., are building on previous research developed at the University of Illinois at Urbana-Champaign. They hope to develop a system prototype that can recover the data after ransomware has been detected.
Many security companies are working on ransomware detection, but the approach taken by Huang’s group is different. Current strategies use a software approach and relies on the computer’s operating system (OS), whereas Huang and his colleagues are using a hardware-assisted approach relying on flash-based storage drives.
“There are two major differences in our approaches, with the first one being the reliance on OS software. Our solution will still work even if an OS is compromised,” said Huang, a CSL researcher. “Second, much of the existing work focuses on detection of an attack, and we focus on data recovery. The attack is happening but damage is done, we want to recover the data from the damage for users.”
The technology has a broad array of applications from saving student dissertations from personal laptops to saving hospital patient data after a ransomware attack, and preliminary tests have been promising. The group has tested their prototype against WannaCry ransomware attacks and had success in recovering the data encrypted by the ransomware.