DOI: 10.1145/3548606.3563538
poster

Poster: Data Recovery from Ransomware Attacks via File System Forensics and Flash Translation Layer Data Extraction

Published: 07 November 2022

ABSTRACT

Ransomware has become increasingly prevalent in recent years. To defend against ransomware in computing devices that use flash memory as external storage, existing designs extract the entire raw flash memory data to restore the external storage to a good state. However, they cannot support fine-grained recovery at the level of user files, because raw flash memory data do not carry the semantics of "files".

In this work, we design FFRecovery, a new ransomware defense strategy that supports fine-grained data recovery after an attack. Our key idea is that, to recover a file corrupted by ransomware, we can 1) restore its file system metadata via file system forensics, 2) extract its file data via raw data extraction from the flash translation layer, and 3) assemble the corresponding file system metadata and file data. A simple prototype of FFRecovery has been developed and some preliminary results are provided.
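The three steps can be illustrated with a toy model; this is an added example, not FFRecovery's code. It assumes a page-mapped flash translation layer that writes out of place and has not yet garbage-collected stale pages, and it takes the file's block list and size as already recovered by file system forensics. All names (`ToyFTL`, `recover_file`, the sample file) are hypothetical.

```python
# Toy model (constructed for illustration): a page-mapped FTL that writes
# out of place, so an overwritten logical block leaves a stale physical page.
from dataclasses import dataclass, field

PAGE = 8  # toy page size in bytes (assumption)

@dataclass
class ToyFTL:
    flash: list = field(default_factory=list)  # physical pages: (lba, seq, data)
    l2p: dict = field(default_factory=dict)    # current logical-to-physical map
    seq: int = 0                               # monotonically increasing write counter

    def write(self, lba, data):
        self.seq += 1
        self.flash.append((lba, self.seq, data.ljust(PAGE, b"\0")))
        self.l2p[lba] = len(self.flash) - 1    # old page becomes stale, not erased
        return self.seq

    def read(self, lba):
        return self.flash[self.l2p[lba]][2]

    def page_as_of(self, lba, cutoff_seq):
        """Raw extraction: newest physical page for lba written at or before cutoff_seq."""
        hits = [(s, d) for (l, s, d) in self.flash if l == lba and s <= cutoff_seq]
        return max(hits)[1] if hits else None

def recover_file(ftl, meta, cutoff_seq):
    """Assemble recovered metadata (block list and size) with pre-attack page data."""
    pages = [ftl.page_as_of(lba, cutoff_seq) for lba in meta["blocks"]]
    if any(p is None for p in pages):
        return None                            # a needed page is missing or was reclaimed
    return b"".join(pages)[: meta["size"]]

def demo():
    ftl = ToyFTL()
    # Constructed sample: one 13-byte file stored in logical blocks 5 and 9.
    meta = {"name": "notes.txt", "blocks": [5, 9], "size": 13}
    ftl.write(5, b"hello, w")
    clean = ftl.write(9, b"orld!")             # last write before the attack
    for lba in meta["blocks"]:                 # simulated ransomware overwrite
        ftl.write(lba, bytes(b ^ 0x5A for b in ftl.read(lba)))
    current = (ftl.read(5) + ftl.read(9))[: meta["size"]]
    return current, recover_file(ftl, meta, clean)

if __name__ == "__main__":
    print(demo())
```

The logical view returns only the overwritten data, while the stale physical pages combined with the block list and size yield the original file. On a real device, garbage collection eventually erases stale pages, which `recover_file` models by returning `None`.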

