Whitehat Hackers Publish Tutorial for Crypto Ransomware Defense, Countermeasures

HackMiami researchers release guide for decryption, remediation of ransomware malware infections.

HackMiami Cryptoransomware Defense, Countermeasures Guide

We sought to provide an easy to follow resource that will arm system administrators, as well as the general public, with the knowledge and resources needed to defend against these emerging, persistent threats - Greg Lindor @_g3nuin3

Researchers from HackMiami have authored a whitepaper in an effort to combat the growing trend of cryptographic ransomware infections affecting businesses and consumers. The publication is intended as a guide for the analysis, decryption, and disinfection of devices that have been impacted by the latest variants of cryptographic ransomware.

Cryptoransomware is defined as malicious software that infects a device, encrypts all content, thereby locking out the user, and then displays a message demanding payment to the attacker for a decryption key.

"We sought to provide an easy to follow resource that will arm system administrators, as well as the general public, with the knowledge and resources needed to defend against these emerging, persistent threats," said Greg Lindor, malware analyst and instructor at HackMiami.

The Rise of Ransomware

The recent rise in ransomware can be attributed to several different evolutionary developments within the fraud underground.

The scalability of ransomware campaigns was limited as recently as 5 years ago. Most older ransomware campaigns required victims to purchase prepaid debit card codes, and these codes were often limited to a maximum of a few hundred dollars. Attackers had to coordinate extensive cashout rings with human money mules to monetize their campaigns. It would be logical that attackers would only want to 'bite off what they can chew', so that they can continue to operate without drawing too much attention.

Furthermore, Bitcoin and other cryptocurrencies were not as popular as they are today, and the average victim would not know how to obtain or use Bitcoin or any other cryptocurrency. While marketplaces existed for the anonymized exchange and laundering of Bitcoin, the technology was new and only criminals with an exceedingly high tolerance for risk would trust the concept.

In the world of 2016, attackers are not restricted by low limits when extorting or laundering funds. Various international avenues, both legitimate and black market, now exist in the physical and digital worlds for organized crime groups to rapidly cash out extorted cryptocurrency earnings with minimal effort and no need for slow, risky money mule networks.
HackMiami 2016 Conference: Anti Crypto Ransomware Village

The HackMiami 2016 Conference, taking place May 13 - 15, 2016 at the Deauville Beach Resort in Miami Beach, will feature an open research area where attendees can learn details about how the most popular variants of crypto ransomware are delivered and spread through malicious attachments, drive-by download exploit kits, and removable media.

Attendees will be exposed to the latest tools, techniques, and procedures in use by modern ransomware campaigns, and will have opportunities to analyze live devices infected with interesting cryptoransomware variants.

The HackMiami 2016 Conference will also host a workshop for all attendees on Saturday, May 14 entitled "Introduction to Malware Analysis and Reversing." The workshop will delve into malware analysis methods, as well as the tools used to reverse engineer malicious payloads. The workshop will be hosted by Chad Seaman and Tsvetelin “Bincent” Choranov of Akamai SIRT along with Greg Lindor of HackMiami.

About HackMiami

HackMiami is the premier partnership resource in South Florida for information security services such as vulnerability analysis, penetration testing, digital forensics, and on-site training.

HackMiami seeks to develop and harness the participation of the global information security community through regular events, presentations, publications and competitions. These events allow the hacker community a forum to present their research, develop new techniques and methodologies, and at the same time provide a valuable networking resource for contracting opportunities. HackMiami events and research have been featured multiple times by prominent mainstream media outlets.

For more information on the HackMiami 2016 Conference, visit http://www.hackmiami.com
