I Wrote my Own Ransomware; Did Not Make 1 Iota Of A Bitcoin

Presented at DeepSec 2017 „Science First!“

2016 saw a substantial rise in ransomware attacks and, in some cases, the return of some favourites, with Cryptowall, CTB-LOCKER and TeslaCrypt being some of the most popular. The volume of attacks was in fact pretty steady for a good part of the year, with regular campaigns coming out on a weekly basis. It was interesting to see the variety in mechanisms used for the ransomware, which not only included self-contained binaries but went all the way to the use of scripts. As part of the research I conducted last year, I wanted to understand why there's such a drive and lure for ransomware, outside of the victims' payment, as well as have some way of properly testing "anti-ransomware" solutions with an unknown variant. So to do that, I went ahead and built my own ransomware and drew some conclusions on why it became so popular. This talk explores the background and process used to build a live ransomware that I was able to use for controlled testing, and finally draws some of my own personal conclusions.


Presenters:

  • Thomas Fischer - Digital Guardian
    With 25+ years of experience, Thomas has a unique view on security in the enterprise, with experience in multiple domains from risk management and secure development to incident response and forensics. In his career, he's held varying roles from incident responder to security architect for Fortune 500 companies as well as industry vendors and consulting organizations. Currently he plays a lead role in advising customers while investigating malicious activity and analyzing threats for Digital Guardian. He's also a strong advocate of knowledge sharing and mentoring through being an active participant in the infosec community, not only as a member but also as director of Security BSides London and as an ISSA UK chapter board member.
