A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:


Using Ransomware Against Itself - Tim Crothers and Ryan Borres (BSides Augusta 2016) (Hacking Illustrated Series InfoSec Tutorial Videos)

Using Ransomware Against Itself
Tim Crothers and Ryan Borres

Unless you've been living under a rock lately you'll be well aware of the surge of ransomware of late. In this talk we'll work through the comm's of a ransomware sample (or three) and build a quick site to deliver the response the ransomware is expecting. Then with some DNS redirection we'll show how to trick the ransomware into thinking you've paid and self-decrypting for you. In the process we'll discuss reverse engineering the ransomware and how to use the approach more broadly to quickly enable recovery. Attendee's will walk away with copies of our code and armed with new techniques for thwarting ransomware.

"Tim switched from IT to ""information security"" in 1994 when infosec consisted of being the ""firewall guy"" and has been along for the ride ever since. Ryan Borre is a Sr. Info Security Analyst at Target Corporation. His primary duties include network, host, and malware analysis. Ryan received his Associates of Science in Computer Science at Normandale Community College and a Bachelor of Science in Information Technology at the University of Phoenix. He has been a military member since 2001, during which he deployed overseas for Operation Iraqi Freedom and Enduring Freedom. His IT career began as an unpaid student worker, then he worked as a Dell service technician, and a help desk analyst for the State of Minnesota. Ryan enjoys spending time with his wife and daughter, camping, and dirt biking. He has a deep passion for cyber security and is always trying to discover new ways of exploiting malware."


Back to BSides Augusta 2016 video list

Printable version of this article

15 most recent posts on Irongeek.com:

If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast