RansomCillin: Leveraging NTFS Spare Space to Recover from Ransomware Attacks
preprint
OA: closed
Abstract
Abstract This study investigates an innovative method to combat ransomware, leveraging the New Technology File System (NTFS) spare space in Windows operating systems. The focus is on RansomCillin, a tool designed for effective data recovery after ransomware attacks. The methodology entailed a simulated environment using prevalent ransomware strains to assess RansomCillin's file recovery success, time efficiency, data integrity, and system performance impact. Results showed RansomCillin's high effectiveness in restoring encrypted files with minimal system disruption. Despite its promising performance, the study is limited to NTFS file systems and specific ransomware families, indicating the need for broader application in future research. This work suggests a paradigm shift in ransomware mitigation strategies, emphasizing proactive recovery and continuous adaptation to evolving cyber threats. RansomCillin's development and testing highlight its potential as a practical solution in the ongoing battle against ransomware.
My notes (saved in your browser only)
Citation neighborhood (no data yet)
We don't have any in-corpus citations linked to this paper yet. The paper's references may be in our DB but unresolved to ``paper_id`` (resolution happens at ingest when the cited DOI matches a row we already have). Run the cross-source citation reconcile pass to retry.
Source provenance
- europepmc
- last seen: 2026-05-20T01:45:00.602351+00:00