Next-Gen Safeguard: Detection and Recovery from Ransomware for Attacks to Data in Motion

Coach Name

Jordi Bosch i Garcia

EU Organization

Universitat Politècnica de València (UPV)

Members

  • Carlos E. Palau
  • Carlos Guardiola
  • Ignacio Lacalle
  • Clara Isabel Valero
  • Raúl Reinosa

US Organization

University of Wisconsin-Madison

Members

  • Elisa Heymann

Project Overview

GUARDIAN addresses one of the most critical cybersecurity threats today: ransomware attacks targeting data in motion. These attacks operate stealthily, often infiltrating systems using compromised credentials and silently encrypting files over time, including backups—creating a double threat to data availability and integrity.

The project developed a software toolkit for early detection, mitigation, and recovery of ransomware attacks, focusing on pre-execution detection—before irreversible damage occurs.

By combining advanced monitoring, anomaly detection, and user-centric design, GUARDIAN enables users to identify vulnerabilities, detect malicious behaviour, and maintain operational continuity, contributing to a safer and more resilient digital environment aligned with NGI Sargasso’s vision.

Methods and approaches

Multi-layered Detection Using AI and Behavioural Analysis

GUARDIAN adopts a multi-layered cybersecurity approach, combining artificial intelligence, data analysis, and network monitoring to detect ransomware activity.

The system continuously analyses:

  • Network traffic
  • System behaviour
  • Anomalous patterns linked to ransomware preparation phases

By focusing on early-stage indicators of attacks, the tool can detect threats before encryption processes fully execute, significantly reducing potential damage.

Realistic Testbed Simulation and Toolkit Development

The project developed a controlled testbed environment simulating real-world ransomware scenarios, particularly attacks targeting data in motion.

This includes:

  • A virtualized infrastructure with client-server interactions
  • Simulation of ransomware attack vectors on active data flows
  • Development and validation of detection and mitigation strategies

The final outcome is a GUARDIAN toolkit, designed for easy deployment and usability, enabling end-users to install and operate the solution with minimal complexity.

Key Achievements

  • Development of a prototype software toolkit for detecting and mitigating ransomware attacks
  • Successful implementation and validation of a realistic ransomware testbed environment
  • Integration of AI-based anomaly detection algorithms for monitoring system behaviour
  • Definition and deployment of detection and mitigation strategies targeting data-in-motion attacks
  • Delivery of user-centric guidance and documentation to support tool adoption and usability
  • Demonstration and validation of the solution through experimental results and scientific dissemination

Impact & Results

Scientific Impact

GUARDIAN advances the field of cybersecurity by providing a practical implementation of ransomware detection focused on data in motion, an emerging and underexplored attack vector. The project contributes to research through validated methodologies and scientific dissemination, including conference publications.

Societal Impact

The project strengthens digital resilience by enabling users and organizations to detect and respond to ransomware threats before critical damage occurs. This enhances trust in digital systems and supports safer online environments for both individuals and enterprises.

Economic & Industrial Impact

By preventing data loss, operational disruption, and financial extortion, GUARDIAN provides clear value for organizations. Its toolkit and service-oriented model (setup, consultancy, customization) create opportunities for cybersecurity services and commercial deployment.

Publications and Open-Source Contributions

  • GUARDIAN software toolkit (detection and mitigation tool)
  • Technical reports on architecture, detection strategies, and testbed setup
  • Scientific publication presented at the IEEE Cyber Science and Research Conference
  • Dissemination via GitHub, website, and communication channels

Future directions

  • Further development and refinement of the GUARDIAN toolkit for real-world deployment
  • Expansion of detection capabilities to address evolving ransomware techniques
  • Commercialization through consultancy, setup, and customization services
  • Continued research collaboration and participation in international cybersecurity initiatives
  • Integration into broader cybersecurity ecosystems and potential open-source contributions

Horizon Europe – Grant Agreement number 101092887

Funded by the European Union. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or European Union’s Horizon Europe research and innovation programme. Neither the European Union nor the granting authority can be held responsible for them.