Dissecting a Metamorphic File-Infecting Ransomware

Presented at Hackfest 2017, Nov. 4, 2017, 11 a.m. (Unknown duration).

Virlock is a polymorphic file-infecting ransomware. It can infect executable files and, at the same time, hold your computer hostage.

Running a single infected file is a sure way of infecting your computer all over again, which is one of the main goals of Virlock. As ransomware, it makes sure that you won't be able to use your computer until you pay the ransom. To make our lives even harder, Virlock employs an on-demand polymorphic algorithm, so every copy of an infected executable file differs from every other. And there is more: Virlock is not only a polymorphic file-infecting ransomware; the initial set of the malware code is also metamorphic in nature.


Presenters:

  • Raul Alvarez
    I am a Senior Security Researcher/Team Lead at Fortinet. I am the Lead Trainer responsible for training the junior AV/IPS analysts in malware analysis and reverse engineering. I have presented at different conferences like BSidesVancouver, BSidesCapeBreton, OAS-First, BSidesOttawa, SecTor, DefCamp, BCAware, AtlSecCon, BSidesCalgary, TakeDownCon, MISABC, and InsomniHack. I am a regular contributor to the Fortinet blog and to the Virus Bulletin publication, where I have published 22 articles.
