A novel method for recovery from Crypto Ransomware infections
| Title | A novel method for recovery from Crypto Ransomware infections |
| Publication Type | Conference Paper |
| Year of Publication | 2016 |
| Authors | Weckstén, M., Frick, J., Sjöström, A., Järpe, E. |
| Conference Name | 2016 2nd IEEE International Conference on Computer and Communications (ICCC) |
| Publisher | IEEE |
| ISBN Number | 978-1-4673-9026-2 |
| Keywords | command and control systems, composability, Computers, crypto ransomware, crypto ransomware infections, Encryption, extortion, Human Behavior, infection recovery, invasive software, Malware, Metrics, Network security, Payloads, pubcrawl, ransomware, recovery, Resiliency, Servers, shadow copies, Software, System recovery |
| Abstract | Extortion using digital platforms is an increasing form of crime. A commonly seen problem is extortion in the form of an infection of a Crypto Ransomware that encrypts the files of the target and demands a ransom to recover the locked data. By analyzing the four most common Crypto Ransomwares, at writing, a clear vulnerability is identified; all infections rely on tools available on the target system to be able to prevent a simple recovery after the attack has been detected. By renaming the system tool that handles shadow copies it is possible to recover from infections from all four of the most common Crypto Ransomwares. The solution is packaged in a single, easy to use script. |
| URL | http://ieeexplore.ieee.org/document/7924925/ |
| DOI | 10.1109/CompComm.2016.7924925 |
| Citation Key | wecksten_novel_2016 |
- Metrics
- System recovery
- Software
- shadow copies
- Servers
- Resiliency
- recovery
- Ransomware
- pubcrawl
- Payloads
- network security
- command and control systems
- malware
- invasive software
- infection recovery
- Human behavior
- extortion
- encryption
- crypto ransomware infections
- crypto ransomware
- Computers
- composability