Ransom Access Memories - Achieving Practical Ransomware Protection in Cloud with DeftPunk

Explore a 15-minute conference talk from USENIX OSDI '24 that delves into the development of DeftPunk, a novel ransomware detection and recovery system for cloud block stores. Learn about the unique IO characteristics of ransomware that led to the creation of this block-level solution. Discover how DeftPunk utilizes a two-layer classifier for swift and accurate detection, implements pre- and post-attack snapshots to prevent data loss, and leverages log-structured support for efficient recovery. Gain insights into the system's performance, which demonstrates nearly 100% recall across 13 types of ransomware with minimal runtime overhead, as evidenced by large-scale benchmarking.