Opal Hard Drives for Ransomware Resilience

Russ Fink, Ph.D.
Senior Staff, the Johns Hopkins University / Applied Physics Laboratory
UMBC Ph.D. 2010

Friday, April 10, 2020
remotely via WebEx: umbc.webex.com/meet/sherman


Ransomware is a crippling industry and government alike. Paying the ransom doesn’t guarantee you’ll get your files back, but it funds the criminals who will continue on. Restoring from traditional network backups takes time, and never gets you back to the system you had before the attack. In response, we have developed a resilient, local malware restore and recovery capability, capable of quickly restoring OS images onto “bare metal” after an attack or misconfiguration, useful for many applications.

I will discuss the technical details, including a description of the Opal hard drive specification, the Trusted Computing Group’s Trusted Platform Module (TPM), and how we secure secrets needed for WUBU – Wake-Up-Back-Up. I’ll talk through some of the open-source technologies that we used to build our solution. WebEx willing, I will give a live demonstration of a ShinoLocker ransomware infection, followed by an “as if nothing ever happened” recovery that takes only ten minutes.

About the Speaker:

Russ Fink is a senior staff member at the Johns Hopkins University / Applied Physics Laboratory. His research interests include computational private information retrieval, trusted computing applications, applied cryptography, and enterprise and mission cyber resiliency techniques. He earned a Ph.D. in computer science from UMBC in 2010 working with Dr. Alan Sherman.

E-mail: Russ.Fink@jhuapl.edu


Alan T. Sherman, sherman@umbc.edu

Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681.