Review of Ransomware Attacks and a Data Recovery Framework using Autopsy Digital Forensics Platform

Smit Chandrakant Nayak, Vaibhavi Tiwari, Bharath K. Samanthula

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

2 Scopus citations

Abstract

The proliferation of digital technologies and the ubiquitous nature of data connectivity has dramatically increased the landscape of cyberattacks over the past decade. Ransomware attacks have become a global incidence and the most destructive cyber menace. As a popular example of cryptovirology, ransomware attacks typically encrypt files on a target computer and threaten to publish or permanently prevent access to the victim's data unless a ransom is paid. In general, ransom demands are often made in cryptocurrency to obscure transactions and maintain anonymity. Nonetheless, paying the ransom does not guarantee data recovery; and therefore, there is a strong need to develop alternative data recovery strategies. To build and implement proper data recovery procedures, it is necessary to analyze ransomware and identify its characteristics. In this paper, we first provide a review of ransomware types and common data recovery methods. Then, we propose a novel ransomware detection and data recovery framework to effectively retrieve data from infected files. Specifically, we investigate the notorious WannaCry malware and analyze its execution on a Windows virtual machine. We conduct digital forensics using the Autopsy tool to recover WannaCry-infected data and demonstrate the practicality of the proposed framework. Our framework can be applied to develop effective data recovery methods for WannaCry and other ransomware variants with similar behavior.

Original language: English
Title of host publication: 2023 IEEE 13th Annual Computing and Communication Workshop and Conference, CCWC 2023
Editors: Rajashree Paul
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 605-611
Number of pages: 7
ISBN (Electronic): 9798350332865
State: Published - 2023
Event: 13th IEEE Annual Computing and Communication Workshop and Conference, CCWC 2023 - Virtual, Online, United States
Duration: 8 Mar 2023 - 11 Mar 2023

Publication series

Name: 2023 IEEE 13th Annual Computing and Communication Workshop and Conference, CCWC 2023

Conference

Conference: 13th IEEE Annual Computing and Communication Workshop and Conference, CCWC 2023
Country/Territory: United States
City: Virtual, Online
Period: 8/03/23 - 11/03/23

Keywords

  • cryptovirology
  • cyber forensics
  • data recovery
  • encryption
  • Ransomware
