Alternate Data Stream Attack Framework to Perform Stealth Attacks on Active Directory Hosts

Bhardwaj, Akashdeep; Kaushik, Keshav; Maashi, Mashael; Aljebreen, Mohammed; Bharany, Salil

doi:10.3390/su141912288

Cited by 7 publications

(4 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The ethical and practical considerations surrounding ransom payment are examined, including the potential risks and implications of negotiating with attackers [9]. Backup and contingency planning are highlighted as essential components of a comprehensive ransomware mitigation strategy [39]. The role of emergency response teams and thirdparty cybersecurity firms in managing the aftermath of an attack is also explored, providing insights into the collaborative efforts required to mitigate the impact of ransomware [15].…”

Section: Response and Mitigation Strategiesmentioning

confidence: 99%

“…In particular, RansomCillin's proficiency in rapidly reverting files to their pre-attack state offers significant advantages [15], [16]. The software effectively minimizes downtime, a crucial factor for businesses where prolonged inaccessibility to data can lead to substantial operational disruptions and financial setbacks [39], [8]. The ability of RansomCillin to operate with a marginal impact on overall system performance ensures that users can continue their routine activities without experiencing significant slowdowns or disruptions, an essential aspect for maintaining productivity in a high-paced digital workspace.…”

Section: B Strategic Advancements In Ransomware Mitigationmentioning

confidence: 99%

See 1 more Smart Citation

RansomCillin: Leveraging NTFS Spare Space to Recover from Ransomware Attacks

Takeuchi,

Fujima,

Kumamoto

et al. 2023

Preprint

View full text Add to dashboard Cite

This study investigates an innovative method to combat ransomware, leveraging the New Technology File System (NTFS) spare space in Windows operating systems. The focus is on RansomCillin, a tool designed for effective data recovery after ransomware attacks. The methodology entailed a simulated environment using prevalent ransomware strains to assess RansomCillin's file recovery success, time efficiency, data integrity, and system performance impact. Results showed RansomCillin's high effectiveness in restoring encrypted files with minimal system disruption. Despite its promising performance, the study is limited to NTFS file systems and specific ransomware families, indicating the need for broader application in future research. This work suggests a paradigm shift in ransomware mitigation strategies, emphasizing proactive recovery and continuous adaptation to evolving cyber threats. RansomCillin's development and testing highlight its potential as a practical solution in the ongoing battle against ransomware.

show abstract

Section: Response and Mitigation Strategiesmentioning

confidence: 99%

Section: B Strategic Advancements In Ransomware Mitigationmentioning

confidence: 99%

RansomCillin: Leveraging NTFS Spare Space to Recover from Ransomware Attacks

Takeuchi,

Fujima,

Kumamoto

et al. 2023

Preprint

View full text Add to dashboard Cite

show abstract

“…The ethical and practical considerations surrounding ransom payment are examined, including the potential risks and implications of negotiating with attackers [9]. Backup and contingency planning are highlighted as essential components of a comprehensive ransomware mitigation strategy [38]. The role of emergency response teams and thirdparty cybersecurity firms in managing the aftermath of an attack is also explored, providing insights into the collaborative efforts required to mitigate the impact of ransomware [15].…”

Section: Response and Mitigation Strategiesmentioning

confidence: 99%

“…In particular, RansomCillin's proficiency in rapidly reverting files to their pre-attack state offers significant advantages [15], [16]. The software effectively minimizes downtime, a crucial factor for businesses where prolonged inaccessibility to data can lead to substantial operational disruptions and financial setbacks [38], [8]. The ability of RansomCillin to operate with a marginal impact on overall system performance ensures that users can continue their routine activities without experiencing significant slowdowns or disruptions, an essential aspect for maintaining productivity in a high-paced digital workspace.…”

Section: B Strategic Advancements In Ransomware Mitigationmentioning

confidence: 99%

RansomCillin: Leveraging NTFS Spare Space to Recover from Ransomware Attacks

Takeuchi,

Fujima,

Kumamoto

et al. 2023

Preprint

View full text Add to dashboard Cite

<p>This study investigates an innovative method to combat ransomware, leveraging the New Technology File System (NTFS) spare space in Windows operating systems. The focus is on RansomCillin, a tool designed for effective data recovery after ransomware attacks. The methodology entailed a simulated environment using prevalent ransomware strains to assess RansomCillin's file recovery success, time efficiency, data integrity, and system performance impact. Results showed RansomCillin's high effectiveness in restoring encrypted files with minimal system disruption. Despite its promising performance, the study is limited to NTFS file systems and specific ransomware families, indicating the need for broader application in future research. This work suggests a paradigm shift in ransomware mitigation strategies, emphasizing proactive recovery and continuous adaptation to evolving cyber threats. RansomCillin's development and testing highlight its potential as a practical solution in the ongoing battle against ransomware.</p>

show abstract