InfoconDB

Presented at Hackfest 2017, Nov. 4, 2017, 11 a.m. (Unknown duration)

Virlock is a polymorphic file-infecting ransomware. It is capable of infecting executable files and at the same time, hold your computer hostage.

Running a single infected file is a sure way of infecting your computer all over again. That is one of the main goals of Virlock. As a ransomware, the malware makes sure that you won't be able to use your computer until you pay the ransom demand. And to make our lives, even harder, Virlock employs an on-demand polymorphic algorithm, where each and every copy of the infected executable file is different from each other. And there is more, Virlock is not only a polymorphic file-infecting ransomware. The initial set of the malware code is metamorphic in nature.

Presenters:

Raul Alvarez
I am a Senior Security Researcher/Team Lead at Fortinet. I am the Lead Trainer responsible for training the junior AV/IPS analysts in malware analysis and reverse engineering. I have presented in different conferences like BSidesVancouver, BSidesCapeBreton, OAS-First, BSidesOttawa, SecTor, DefCamp, BCAware, AtlSecCon, BSidesCalgary, TakeDownCon, MISABC, and InsomniHack. I am a regular contributor to the Fortinet blog and to the Virus Bulletin publication, where I have published 22 articles.

Dissecting a Metamorphic File-Infecting Ransomware

Presenters:

Links:

Similar Presentations: