A novel method for recovery from Crypto Ransomware infections

Title: A novel method for recovery from Crypto Ransomware infections
Publication Type: Conference Paper
Year of Publication: 2016
Authors: Weckstén, M., Frick, J., Sjöström, A., Järpe, E.
Conference Name: 2016 2nd IEEE International Conference on Computer and Communications (ICCC)
ISBN Number: 978-1-4673-9026-2
Keywords: command and control systems, composability, Computers, crypto ransomware, crypto ransomware infections, Encryption, extortion, Human Behavior, infection recovery, invasive software, Malware, Metrics, Network security, Payloads, pubcrawl, ransomware, recovery, Resiliency, Servers, shadow copies, Software, System recovery

Extortion using digital platforms is an increasing form of crime. A commonly seen problem is extortion in the form of an infection of a Crypto Ransomware that encrypts the files of the target and demands a ransom to recover the locked data. By analyzing the four most common Crypto Ransomwares, at the time of writing, a clear vulnerability is identified: all infections rely on tools available on the target system to be able to prevent a simple recovery after the attack has been detected. By renaming the system tool that handles shadow copies, it is possible to recover from infections from all four of the most common Crypto Ransomwares. The solution is packaged in a single, easy-to-use script.

Citation Key: wecksten_novel_2016