Detecting Ransomware Despite I/O Overhead: A Practical Multi-Staged Approach
Christian van Sloun
Network and Distributed System Security (NDSS) Symposium 2025 · Day 3 · Ransomware
Ransomware continues to pose a significant threat to cybersecurity, consistently ranking among the top concerns for organizations worldwide. Attacks like the 2021 Colonial Pipeline incident underscore the profound real-world consequences, from widespread fuel shortages to significant economic disruption. This talk, presented by Christian van Sloun from RWTH Aachen University, addresses the challenge of detecting **cryptographic ransomware** (malware that encrypts user files and demands a ransom for their release) in real time. While extensive research has focused on improving ransomware detection mechanisms, a crucial bottleneck has largely been overlooked: the substantial **I/O behavior monitoring overhead** that current detection systems incur on the write path, which becomes a limiting factor on modern, high-performance storage devices whose raw throughput leaves little headroom for per-operation inspection.
AI review
Legitimate academic systems security work that identifies a real and underappreciated problem — I/O monitoring overhead on SSDs — and proposes a credible staged mitigation. The engineering contribution is solid, but the novelty ceiling is low and the detection results against modern ransomware are modest enough to temper enthusiasm.