loading page

RansomCillin: Leveraging NTFS Spare Space to Recover from Ransomware Attacks
  • +1
  • Kazuya Takeuchi ,
  • Himari Fujima ,
  • Takako Kumamoto ,
  • Yunko Yoshida
Kazuya Takeuchi
Nagoya Institute of Cyber Technology

Corresponding Author:[email protected]

Author Profile
Himari Fujima
Author Profile
Takako Kumamoto
Author Profile
Yunko Yoshida
Author Profile


This study investigates an innovative method to combat ransomware, leveraging the New Technology File System (NTFS) spare space in Windows operating systems. The focus is on RansomCillin, a tool designed for effective data recovery after ransomware attacks. The methodology entailed a simulated environment using prevalent ransomware strains to assess RansomCillin’s file recovery success, time efficiency, data integrity, and system performance impact. Results showed RansomCillin’s high effectiveness in restoring encrypted files with minimal system disruption. Despite its promising performance, the study is limited to NTFS file systems and specific ransomware families, indicating the need for broader application in future research. This work suggests a paradigm shift in ransomware mitigation strategies, emphasizing proactive recovery and continuous adaptation to evolving cyber threats. RansomCillin’s development and testing highlight its potential as a practical solution in the ongoing battle against ransomware.