Data storage devices can be implemented in non-volatile memory (e.g., flash drives, solid-state drives, etc.), magnetic storage media (e.g., hard disc drives, backup tapes) or any one of a number of other digital storage media. To ensure the integrity of data stored on rewritable data storage devices, any number of various backup techniques can be utilized to preserve data against accidental data loss (e.g., via unintentional overwriting or deletion). One approach to data backup utilizes “snapshots,” an approach in which a data state or snapshot is preserved from further changes by storing any updates or changes to the data in the snapshot to a different physical location in the storage device (e.g., via “redirect-on-write”).
While the snapshot approach is effective in protecting data from accidental data loss, malicious data modification or destruction poses additional challenges. For example, an increasing trend in digital crime involves “ransomware” attacks, in which unauthorized users or processes can encrypt data in a data storage device in such a way that recovery is impracticable or even impossible without the decryption key. The ransomware attacker can then “ransom” the encrypted data by demanding payment for the decryption key, frequently with the threat that the encrypted data will be deleted if payment is not received in an amount, format and timeframe of the attacker's choosing.
As the sophistication of ransomware attacks has grown, the protection offered by conventional snapshot management approaches has declined. Because the host device to which a conventional data storage device is attached is capable of managing the snapshots on the data storage device (e.g., by overwriting them with updated data or deleting them), sophisticated ransomware that targets all backup data for encryption, including snapshots in data storage devices attached to the host targeted by the ransomware attack, can overcome the protection offered by conventional snapshot management by exploiting the ability of the host to modify the snapshots.
In addition to the growing threat of ransomware, additional threats to data integrity that conventional snapshot management techniques are ill-equipped to address include various other malicious data deletion threats (e.g., by viruses, worms, or the like) and malicious data modification threats (e.g., by unauthorized users to subvert financial or legal records) that can likewise exploit the ability of a host device to overwrite or delete snapshots in attached data storage devices. Accordingly, there is a need for improved techniques to protect the integrity of stored data.