From Cyber Threat to Data Shield: Constructing Provably Secure File Erasure with Repurposed Ransomware Cryptography

📅 2025-04-16
🤖 AI Summary
To address the challenge of securely destroying sensitive data, this paper proposes the “Encryption-as-Destruction” paradigm and designs SEER, a provably secure file erasure system. Methodologically, it is the first to repurpose the triple-encryption architecture of the Babuk ransomware (Curve25519 key exchange, SHA-256-based key derivation, and the Sosemanuk stream cipher) for legitimate, security-critical erasure; this is integrated with hierarchical key management and instantaneous session-key wiping to tightly couple encryption with cryptographic key destruction. Theoretically, SEER provides formal security proofs under standard cryptographic assumptions. Experimentally, on the ESXi platform, SEER achieves erasure throughput four orders of magnitude higher than the DoD 5220.22-M standard, while maintaining rigorous information-theoretic security guarantees. Thus, SEER bridges the gap between theoretical security and industrial deployability, offering both provable safety and practical efficiency for secure data sanitization.

📝 Abstract
Ransomware has emerged as a persistent cybersecurity threat, leveraging robust encryption schemes that often remain unbroken even after public disclosure of source code. Motivated by the technical resilience of such mechanisms, this paper presents SEER (Secure and Efficient Encryption-based Erasure via Ransomware), a provably secure file destruction system that repurposes ransomware encryption for legitimate data erasure tasks. SEER integrates the triple-encryption design of the Babuk ransomware family, including Curve25519-based key exchange, SHA-256-based key derivation, and the Sosemanuk stream cipher, to construct a layered key management architecture. It tightly couples encryption and key destruction by securely erasing session keys immediately after use. Experimental results on an ESXi platform demonstrate that SEER achieves four orders of magnitude performance improvement over the DoD 5220.22 standard. The proposed system further ensures provable security through both theoretical foundations and practical validation, offering an efficient and resilient solution for the secure destruction of sensitive data.

Problem

Research questions and friction points this paper is trying to address.

Repurposing ransomware encryption for secure file erasure
Achieving provable security with layered key management
Improving performance over traditional data destruction standards

Innovation

Methods, ideas, or system contributions that make the work stand out.

Repurposes ransomware encryption for secure erasure
Uses Babuk's triple-encryption for layered security
Destroys session keys immediately post-use

Jiahui Shang
School of Computer and Cyberspace Security, Communication University of China
Luning Zhang
Shanghai University MS student
Multi-modal reasoning
Zhongxiang Zheng
School of Computer and Cyberspace Security, Communication University of China