**1. Introduction**

The progression of cybercrime and the development and adoption of new techniques to jeopardize sensitive information and impart damage across the Internet present an alarming threat to businesses, governments, and nations. Recent cybersecurity research (e.g., the works in [1–6]) confirms cybercriminals' determination to develop newer techniques for achieving their malicious objectives. Ransomware is just one of the methods that have been used recently by cybercriminals to achieve financial gains in return for releasing ransomware-encrypted files to their rightful owners. Ransomware attacks represent a real security threat to users' data files and to various network resources that may contain backup files. By one conservative estimate, ransomware criminals received USD 412 million in payments in 2020 [7]. Ransomware attacks impact individuals and organizations in the public and private sectors, including, amongst many, the health sector, e-commerce, educational institutions, government agencies, and the business sectors, in a manner that leads to economic and moral loss. In 2017, the WannaCry Ransomware [8], a recent massive Ransomware attack, impacted up to 300,000 users in 150 countries worldwide, preventing them from accessing their devices and demanding Bitcoin payments in exchange for unlocking the files involved.

**Citation:** Al-Dwairi, M.; Shatnawi, A.S.; Al-Khaleel, O.; Al-Duwairi, B. Ransomware-Resilient Self-Healing XML Documents. *Future Internet* **2022**, *14*, 115. https://doi.org/10.3390/fi14040115

Academic Editor: Leandros Maglaras

Received: 12 March 2022 Accepted: 5 April 2022 Published: 7 April 2022

**Publisher's Note:** MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations.

**Copyright:** © 2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).

With an ever-increasing rate of storing and sharing data, document security is becoming one of the biggest challenges facing both individuals and organizations. Digital documents are represented in many formats, one of the most popular of which is the Extensible Markup Language (XML). When Ransomware attacks victims' machines, it seeks to lock or encrypt users' crucial files and documents, including XML-based documents such as ".docx" and ".odt" file types.

Since 2010, the rate of infection by Ransomware has increased significantly. This growing threat has received significant attention from both academia and industry. Many research studies have intensely served to analyze Ransomware and develop new techniques to detect it, as long as it considers backup. Although a significant portion of the proposed detection techniques claim a high detection success rate, most detection and protection systems in use have several limitations.

In this study, we address the problem of recovering XML documents once a ransomware attack has taken place. To achieve this goal, we propose a self-healing, version-aware XML recovery framework to combat Ransomware. The proposed framework takes advantage of the structure of XML documents and combines link-based version control with well-known access-control mechanisms.

The Version-Control System (VCS) manages all the changes made to documents, including tracking and storing versioning data. In this paper, we tap into VCS by presenting a novel approach directed at recovering ransomware-infected XML-based files and documents. Version-Aware XML-based documents are part of a distributed version-control system that does not rely on a central repository but refers to the document file itself in tracking each subsequent version of a document.

The work presented in this paper focuses mainly on protecting XML-based documents such as ".docx" and ".odt" files from being encrypted by Ransomware. The proposed framework integrates decentralized version control that utilizes file links with access-control mechanisms to prevent Ransomware from tampering with the protected file version. Therefore, it ensures complete recovery of protected XML-based documents from ransomware infection. To that end, the main contributions of this work are as follows:


The rest of this paper is organized as follows: Section 2 provides background information on information security, Ransomware, and version-control systems. Section 3 reviews some pieces of related work. Section 4 presents the proposed system. The performance evaluation part is presented in Section 5. Finally, we conclude in Section 6.
