No Time To Die - Ransomware Will Return
With the growth of cryptocurrency usage, more and more ransomware has been discovered in recent years. Attackers use ransomware to encrypt the files of random (or targeted) victims and then demand payment. We analyze these ransomware families and focus on the techniques they use. For instance, some of them encrypt only part of the file content to increase encryption speed. They also use different encryption schemes to keep encryption both fast and secure.
If we do not know our enemies, we will lose the game. In this talk, we share our reverse-engineering analysis of several current ransomware families and explain their techniques, including packers, obfuscation, key generation, encryption schemes, etc. Furthermore, we introduce two advanced ways to use them, for decryption and for vaccination. In addition, we compare the families and discuss why they use these techniques.
Takeaways:
- Anti-reversing and anti-debugging techniques used in ransomware and how to defeat them.
- A decryptor based on a vulnerability in the encryption scheme.
- A vaccine that relies on an environment check and an atomic check.
- Fast encryption tricks.