MimosaFTL: Adding secure and practical ransomware defense strategy to flash translation layer
Ransomware attacks have become prevalent due to the sudden flourishing of cryptocurrencies. Most existing defense strategies for ransomware, however, are vulnerable to privileged ransomware, which can compromise the operating system and hence any backup data stored locally. The out-of-place-update and isolation nature of flash memory storage make it possible, for the first time, to design a defense strategy that is secure against privileged ransomware. In this work, we propose MimosaFTL, a secure and practical ransomware defense strategy for mobile computing devices equipped with flash memory as external storage. MimosaFTL is secure against privileged malware by taking advantage of unique characteristics of flash storage. In addition, it is more practical (compared to prior work) for real-world deployments by: 1) incorporating a fine-grained detection scheme which can detect the presence of ransomware accurately; and 2) allowing the victim to efficiently restore the infected external storage to the exact point when the malware starts to perform corruption. Experimental evaluation shows that MimosaFTL can mitigate ransomware attacks effectively with a small negative impact on both I/O performance and lifetime of flash storage.
Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy
MimosaFTL: Adding secure and practical ransomware defense strategy to flash translation layer.
Proceedings of the Ninth ACM Conference on Data and Application Security and Privacy, 327-338.
Retrieved from: https://digitalcommons.mtu.edu/cs_fp/13
© 2019 ACM New York, NY, USA. Publisher's version of record: https://dx.doi.org/10.1145/3292006.3300041