Slashdot Mirror

← Back to Stories (view on slashdot.org)

New R2D2 Technique Protects Files Against Wiper Malware, Secure Delete Apps (bleepingcomputer.com)

Posted by msmash on from the how-about-that dept.

An anonymous reader writes: Purdue University scientists have developed a data protection technique called Reactive Redundancy for Data Destruction (R2D2) that can safeguard data sitting inside a virtual machine from modern data-wiping malware and even some secure file deletion methods. The technique was developed to protect enterprise systems, which are often running inside VMs.

Researchers say the new technique was successful in preventing wiper malware such as Shamoon (v1 and v2), StoneDrill, and Destover from deleting data during their experiments, but it was able to prevent data deletion attempted with legitimate "secure delete" applications. When such operations are detected, R2D2 runs each one through a series of policies that evaluate the operation for known destructive patterns. If the scan triggers a warning, the VM creates a temporary checkpoint that a human operator can use as a system restore point.

7 of 47 comments (clear)

  1. The only problem with this technique... by K.+S.+Kyosuke · · Score: 4, Funny

    You need three CPUs to run it properly!

    --
    Ezekiel 23:20
  2. Purdue University scientists waste time and money by Anonymous Coward · · Score: 2, Insightful

    I have an even better method for protecting files against deletion. One that is proven and robust. It's called a "backup".

  3. Getting sued by Disney 3.. 2.. 1.. by Rick+Schumann · · Score: 2

    Or at least issued a DMCA Takedown Notice, for daring to use 'R2D2' without paying royalties, or at least they express written permission.

  4. Cat and mouse game. by Gravis+Zero · · Score: 2

    If this is widely deployed the malware writers will just change tactics. Instead of destroying data completely, they will simply begin alter files to the point where they are no longer useful. The more intelligent and insidious malware writers will gradually introduce more and more errors into databases that make it into backups. Eventually it will be discovered but if an unknown percentage of your database and it's backups contain incorrect information then you are going to have a bad time.

    --
    Anons need not reply. Questions end with a question mark.
  5. Bad name choice by Daetrin · · Score: 2

    They should have called it OB1.

    These are not the files you're looking for. *waves hand*

    (I leave it up to someone else to come up with a good backronym.)

    --
    This Space Intentionally Left Blank
  6. Unfortunately by DontBeAMoran · · Score: 4, Funny

    Unfortunately, this new technique is still vulnerable to Cryptographic Core Computing Processing Overload.

    --
    #DeleteFacebook
  7. Calling it R2D2 by jamesjw · · Score: 2

    Is it called R2D2 because the normal case of secure delete the system admins say "What the bleep-bloop have you bleepy-blarp done? You stupid bloopy-blip!!" ?

    --
    -- If at first you don't succeed, lie!