Researchers at Purdue University have developed a new tool dubbed R2D2 (short for “Reactive Redundancy for Data Destruction Protection”) that can protect systems from disk-wiping malware such as Shamoon and Stonedrill.
The solution includes a virtual machine monitor (VMM) using virtual machine introspection (VMI).
According to a Register report, R2D2 analyzes write buffers before they reach storage. If the write is destructive, it preserves the targeted data from destruction.
According to the report, the researchers tested R2D2 against numerous disk-wiping malicious tools and claimed success with “all the wiper malware samples in the wild that we experimented with”.
The researchers will be publishing the work in a May issue of the Computers & Security journal.