Android ransomware: turning CryptoLocker into CryptoUnlocker (live demo)

Presented at VB2015, Oct. 1, 2015, 4 p.m. (30 minutes)

*[Download slides](/uploads/pdf/conference_slides/2015/Adamov-VB2015.pdf) (PDF)*

We are seeing an increasing number of pieces of ransomware for *Android* devices. They are adopting new social engineering, communication and encryption techniques such as the use of Tor and advanced encryption algorithms (RSA-1024 and even elliptic curve cryptography). However, the majority of *Android* cryptolockers are simple enough to be disassembled and patched to restore the data they encrypted.

The presentation will start with an overview of recent *Android* ransomware and the technologies it uses. We then turn to the reverse engineering techniques that can be applied to analyse the malicious behaviour. Finally, we will perform a live demo of analysing and patching a cryptolocker. The demo will cover the following tools and techniques: disassembling and reassembling the APK with apktool, converting the dex file to a jar with dex2jar, decompiling that jar with Java Decompiler to recover readable Java source, a signing tool to sign the patched package, and the *Android* SDK and emulator to run the cryptolocker.
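The pipeline the abstract describes, written out as an added example (not the talk's own script or slides) in POSIX shell using the 2015-era tools it names: apktool to decode and rebuild, dex2jar to produce a jar for JD-GUI, keytool/jarsigner to re-sign, zipalign, and adb to push the result into the emulator. The one step that runs offline, `patch_cipher_mode`, is the classic locker-to-unlocker patch: the inlined `Cipher.ENCRYPT_MODE` argument to `Cipher.init(int, Key)` in the smali is flipped to `Cipher.DECRYPT_MODE`. The file names, the keystore values, and the assumption that the sample inlines the mode constant immediately before the `init` call are mine; on a real sample you first read the decompiled Java to find where the mode actually comes from.

```shell
#!/bin/sh
# Added example (not the talk's own script): decode -> patch -> rebuild ->
# sign -> emulator, in the 2015-era toolchain the abstract names. Assumed:
# apktool, d2j-dex2jar.sh, keytool, jarsigner, zipalign and adb are on PATH,
# and the sample inlines Cipher.ENCRYPT_MODE right before Cipher.init(int,Key).
# Paths and keystore values are placeholders.
set -eu

SAMPLE="${SAMPLE:-sample.apk}"        # the cryptolocker under analysis
WORK="${WORK:-work}"                  # scratch directory
KEYSTORE="$WORK/unlocker.keystore"
STOREPASS="unlocker"                  # throwaway demo key, not a secret

# 1. Decode the APK to smali and resources, and convert classes.dex to a jar
#    so the Java can be read in JD-GUI to locate the encryption routine.
decode() {
    apktool d -f "$SAMPLE" -o "$WORK/src"
    d2j-dex2jar.sh "$SAMPLE" -o "$WORK/sample.jar"
}

# 2. The patch that turns the locker into an unlocker: Cipher.ENCRYPT_MODE (1)
#    becomes Cipher.DECRYPT_MODE (2). javac inlines those static final ints,
#    so the smali reads "const/4 vN, 0x1" (no sget), and 2 still fits const/4.
#    Only the const feeding the mode register of Cipher.init is rewritten;
#    returns 1 when the file has no such pair, so nothing is changed blindly.
patch_cipher_mode() {
    file="$1"
    tmp="$file.tmp"
    if awk '
        NR > 1 {
            if ($0 ~ /Ljavax\/crypto\/Cipher;->init\(I/ &&
                prev ~ /^[ \t]*const\/4 v[0-9]+, 0x1$/) {
                reg = prev
                sub(/^[ \t]*const\/4 /, "", reg)      # e.g. "v3"
                sub(/,.*$/, "", reg)
                pat = "[{]v[0-9]+, " reg ","           # 2nd register of invoke
                if ($0 ~ pat) { sub(/0x1$/, "0x2", prev); patched++ }
            }
            print prev
        }
        { prev = $0 }
        END { if (NR > 0) print prev; exit (patched > 0 ? 0 : 1) }
    ' "$file" > "$tmp"; then
        mv "$tmp" "$file"
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# 3. Rebuild, then sign with a fresh key: the original developer signature no
#    longer matches the modified classes.dex. zipalign runs after jarsigner
#    (v1 signing); with the newer apksigner the order is reversed.
rebuild_and_sign() {
    apktool b "$WORK/src" -o "$WORK/unsigned.apk"
    [ -f "$KEYSTORE" ] || keytool -genkeypair -keystore "$KEYSTORE" -alias unlocker \
        -keyalg RSA -keysize 2048 -validity 365 -storepass "$STOREPASS" \
        -keypass "$STOREPASS" -dname "CN=unlocker demo"
    jarsigner -keystore "$KEYSTORE" -storepass "$STOREPASS" \
        -sigalg SHA1withRSA -digestalg SHA1 "$WORK/unsigned.apk" unlocker
    zipalign -f 4 "$WORK/unsigned.apk" "$WORK/unlocker.apk"
}

# 4. Install only on a throwaway emulator AVD holding copies of the encrypted
#    files: the result is still the malware minus one constant.
deploy() {
    adb install -r "$WORK/unlocker.apk"
}

main() {
    mkdir -p "$WORK"
    decode
    found=0
    for f in $(grep -rlF 'Ljavax/crypto/Cipher;->init(I' "$WORK/src" || true); do
        if patch_cipher_mode "$f"; then
            echo "patched $f"
            found=1
        fi
    done
    if [ "$found" -eq 0 ]; then
        echo "no inlined ENCRYPT_MODE before Cipher.init; patch by hand" >&2
        exit 1
    fi
    rebuild_and_sign
    deploy
}

# Invoked as: SAMPLE=locker.apk sh unlocker.sh run
if [ "${1:-}" = "run" ]; then
    main
fi
```

Two caveats before relying on the constant flip alone. It restores files only when the patched app can reproduce the same key and IV it encrypted with (a hard-coded or locally derived AES key); if the per-file key was wrapped with an RSA or elliptic-curve public key and shipped off to the C&C, as the abstract notes newer families do, decrypt mode has nothing to decrypt with, and the analysis has to go after the key material instead. The patched app also keeps its original file-handling logic, so it will typically read `*.enc` inputs and write outputs under the encryptor's naming scheme; the file-walking and renaming code usually needs a second, sample-specific patch.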

Presenters:

  • Alexander Adamov - NioGuard Security Lab
    Alexander Adamov is a founder of Nioguard Cloud Sandbox Startup with more than ten years' experience in the anti-virus industry, working for Kaspersky Lab, Lavasoft and Samsung. Alexander is also a university lecturer who develops new courses for EU universities and presents lectures and trainings on network security, reverse engineering and advanced malware analysis. At present he is working on a Ph.D. project on cyberspace security and malware sandboxing in the cloud. Twitter: @Alex_Ad
