Next-Gen Safeguard: Detection and Recovery from Ransomware for Attacks to Data in Motion

Coach Name

Jordi Bosch i Garcia

EU Organization

Universitat Politècnica de València (UPV)

Members

  • Carlos E. Palau
  • Carlos Guardiola
  • Ignacio Lacalle
  • Clara Isabel Valero
  • Raúl Reinosa

US Organization

University of Wisconsin-Madison

Members

  • Elisa Heymann

Project Overview

GUARDIAN focuses on developing a cutting-edge software tool to detect and mitigate ransomware attacks, particularly those targeting data in motion. The project is centered on the creation of a testbed environment that simulates ransomware attacks using File System Access (FSA) methods to encrypt data during transmission.

With its user-centric design, GUARDIAN aims to provide a simple-to-install and easy-to-understand solution for end users and organizations to detect these complex cyber threats in their early stages, allowing for timely intervention and data recovery.

Methods and approaches

FSA-Based Ransomware Simulation

Developing a simulated environment that models ransomware attacks on data during transmission, specifically targeting client-server communication.

AI-Powered Detection Tool

Integrating AI algorithms to detect and prevent ransomware attacks on data in motion by identifying anomalies and malicious patterns in real time.

Testbed and Demonstrator

Building a virtualized testbed that replicates the conditions of a ransomware attack on data in motion, with active monitoring and intervention strategies.

Key Achievements

Prototype Development

Successfully created and deployed the GUARDIAN detection toolkit and testbed, demonstrating its effectiveness in identifying ransomware attacks during data transfer.

Public GitHub Repository

The GUARDIAN tools and testbed have been made publicly available on GitHub, ensuring transparency and fostering further research and development within the open-source community.

International Outreach

Presented findings and results at the IEEE Cybersecurity and Resilience Conference 2024 and organized a cybersecurity seminar featuring distinguished professors from the University of Wisconsin.

Collaboration with Universities

Collaborative events and workshops were held with UPV and the University of Wisconsin to promote knowledge exchange and enhance.

Impact & Results

Early Ransomware Detection

The GUARDIAN toolkit provides effective early detection of ransomware attacks targeting data in motion, significantly reducing the window of opportunity for attackers.

Enhanced Cybersecurity Resilience

By simulating realistic ransomware attack scenarios, GUARDIAN enables businesses and organizations to better prepare for and mitigate these threats, enhancing overall cybersecurity resilience.

Contribution to Cybersecurity Research

GUARDIAN has contributed valuable insights to the cybersecurity field, particularly in the domain of ransomware detection, by exploring new attack vectors targeting data in motion.

Open-Source Community Engagement

The project’s commitment to open-source principles has allowed for widespread access to the toolkit and testbed, enabling collaboration with cybersecurity researchers and practitioners.

Publications and Open-Source Contributions

  • IEEE Cyber Security and Resilience Conference 2024: “Empirical Analysis and Practical Assessment of Ransomware Attacks on Data in Motion.”
  • GUARDIAN GitHub Repository:
  • Social Media Dissemination: LinkedIn Post

Future directions

Commercialization and B2B Focus

The team is working towards turning GUARDIAN into a commercially viable solution, particularly targeting large enterprises and cybersecurity service providers.

AI Model Enhancement

Continued development of AI-based detection algorithms to improve the accuracy and speed of ransomware detection.

Expanding the Testbed

Further expansion of the testbed to simulate more complex attack scenarios and improve the robustness of detection tools.

Collaborations with Industry Leaders

Engaging with industry leaders and cybersecurity firms to integrate GUARDIAN into broader enterprise cybersecurity frameworks.