Unless you've been living under a rock lately you'll be well aware of the surge of ransomware of late. In this talk we'll work through the comm's of a ransomware sample (or three) and build a quick site to deliver the response the ransomware is expecting. Then with some DNS redirection we'll show how to trick the ransomware into thinking you've paid and self-decrypting for you. In the process we'll discuss reverse engineering the ransomware and how to use the approach more broadly to quickly enable recovery. Attendee's will walk away with copies of our code and armed with new techniques for thwarting ransomware.

"Tim switched from IT to ""information security"" in 1994 when infosec consisted of being the ""firewall guy"" and has been along for the ride ever since. Ryan Borre is a Sr. Info Security Analyst at Target Corporation. His primary duties include network, host, and malware analysis. Ryan received his Associates of Science in Computer Science at Normandale Community College and a Bachelor of Science in Information Technology at the University of Phoenix. He has been a military member since 2001, during which he deployed overseas for Operation Iraqi Freedom and Enduring Freedom. His IT career began as an unpaid student worker, then he worked as a Dell service technician, and a help desk analyst for the State of Minnesota. Ryan enjoys spending time with his wife and daughter, camping, and dirt biking. He has a deep passion for cyber security and is always trying to discover new ways of exploiting malware."

@Soinull

Back to BSides Augusta 2016 video list