This study investigates an innovative method to combat ransomware,
leveraging the New Technology File System (NTFS) spare space in Windows
operating systems. The focus is on RansomCillin, a tool designed for
effective data recovery after ransomware attacks. The methodology
entailed a simulated environment using prevalent ransomware strains to
assess RansomCillin’s file recovery success, time efficiency, data
integrity, and system performance impact. Results showed RansomCillin’s
high effectiveness in restoring encrypted files with minimal system
disruption. Despite its promising performance, the study is limited to
NTFS file systems and specific ransomware families, indicating the need
for broader application in future research. This work suggests a
paradigm shift in ransomware mitigation strategies, emphasizing
proactive recovery and continuous adaptation to evolving cyber threats.
RansomCillin’s development and testing highlight its potential as a
practical solution in the ongoing battle against ransomware.