DeepSec2020 talk: Ransomware: Trends, Analysis and Solutions – Josh Pyorre

Sanna/ October 9, 2020/ Conference

My talk on ransomware will be technical, but also tells the story of how it’s evolved, highlighting specific and interesting infections. I’ll walk through the history of ransomware, its relationship to cryptojacking, and the supporting software made up of malspam and exploit kits. We’ll also address the recent phase of ransomware data extortion. There will be demonstrations of current malware infections as well as unique methods and ideas for detection and hunting. We’ll end with multiple methods of prevention and mitigation, some using paid products, but with the focus primarily on opensource options. Since I work with approximately 15% of the internets DNS traffic in my job, I will be using some of that data to show statistics. Despite that, I’ve done my best to make sure this is not a talk about products from my company, and aim

Read More

DeepSec 2018 Talk: Dissecting The Boot Sector: The Hunt for Ransomware in the Boot Process – Raul Alvarez

Sanna/ October 4, 2018/ Conference, Security

Ransomware is as cyber as it gets these days. It’s all over the news, and it is a lucrative business case. Modern malicious software has been put to work for its masters. It is the platform of deployment for a whole variety of additional code. So why is ransomware not the same as any other malicious software? Raul Alvarez will explain this to you at DeepSec 2018: Ransomware slightly differs in their attack vectors, encryption algorithms, and selection of files to encrypt. A common ransomware technique is to encrypt files and hold it for ransom. Petya ransomware does the infection a bit different from the others. Instead of encrypting files, it encrypts the MFT, Master File Table, which contains the metadata and headers for each file in the system. Another trait of this malware

Read More