AntiRansomware Tools Thoroughly Tested Part 1

Information Security Inc.

AntiRansomware Tools

Thoroughly Tested Part 1

Information Security Confidential - Partner Use Only

Contents

• What is Ransomware?

• Rise of Ransomware

• Ransomware Testing Environment

• Cybereason RansomFree

• References

What is Ransomware?

• Ransomware is a type of malicious software from cryptovirology

that threatens to publish the victim's data or perpetually block

access to it unless a ransom is paid

• Ransomware is malicious code that is used by cybercriminals to

launch data kidnapping and lockscreen attacks

• The motive for ransomware attacks is monetary

Rise of Ransomware

Ransomware Testing Envinronment

• Victim machine: Windows 7 Ultimate SP1 x64

• Ransomware: Zepto ransomware (https://www.tripwire.com/state-

of-security/latest-security-news/the-newest-online-threat-zepto-

ransomware/)

Cybereason RansomFree

• Download link: https://ransomfree.cybereason.com/download/

• How does RansomFree work?

◎ CybereasonRans uses !NtCreateFile function (https://goo.gl/dNd3Hx) to create bait

folders and files in mutiple locations◎ Creating bait folders

◎ CybereasonRans uses !NtCreateFile function (https://goo.gl/dNd3Hx) to create bait

folders and files in multiple locations◎ Creating bait files inside the folders

• How does RansomFree work? When detecting suspecting behavior kill the process

◎ Ransomware is adding .zepto extension to bait files using NtSetInformationFile function

(https://goo.gl/3V1UMv)

◎ RansomFree kills ransomware’s threads and the parent process and loads a new

image of itself starting a new process with ID 244

◎ Thread stack before exiting

◎ BaseThreadInitThunk function (https://goo.gl/rm79Bd) calls the thread start address. If

the thread returns it will terminate the thread and delete it’s stack

◎ RansomFree deletes files generated by ransomware

References

• Wikipedia

https://en.wikipedia.org/wiki/Ransomware

• Knowbe

https://www.knowbe4.com/ransomware

• Heimdal security

https://heimdalsecurity.com/blog/what-is-ransomware-protection

AntiRansomware Tools Thoroughly Tested Part 1

Documents

Transcript of AntiRansomware Tools Thoroughly Tested Part 1

Instrument and Procedure Manual - Water · PDF filev CERTIFICATION Hach Company certifies this instrument was tested thoroughly, inspected and found to meet its published specifications

EMPLOYEE ACCIDENT INVESTIGATION FOR SUPERVISORS. TRAINING OBJECTIVE To provide supervisors information and tools to investigate employee accidents thoroughly.

Creative evaluation tools: Beyond ‘tired and tested’ Karen Gray Willis Newson

INSTRUCTION MANUAL - Hobbicomanuals.hobbico.com/flz/flza4010-manual.pdf3 We, as the kit manufacturer, provide you with a top quality, thoroughly tested kit and instructions, but ultimately

Multiphor II Electrophoresis System€¦ · Pharmacia Biotech AB guarantees that the product delivered has been thoroughly tested to ensure that it meets its published specifications.

Step 3: Choosing Tools - Demardemar.com.au/wp-content/themes/demar/pdf/diy/006_pergola.pdf · Before purchasing tools, timber and materials, read every step thoroughly then talk to

Battle-Tested Tools to Rock Your Digital Storytelling

VT8000 Room Controllers - Viconics · • Each implementation of equipment utilizing communication links must be individually and thoroughly tested for proper operation ... period

SKELETON AND CAULKING GUNS Resin Gun · All concept applicator guns are thoroughly mechanically tested and CE rated. Thrust ratios are market leading and the tools are manufactured

How to Find Email Addresses with 92% Accuracy – 9 Email Lookup Tools Tested

Introductory Econometrics for Finance...Introductory Econometrics for Finance This bestselling and thoroughly classroom-tested textbook is a complete resource for ﬁnance students.

SpO2 Functional Tester - Flukeassets.fluke.com/manuals/spotlighumeng0000.pdf · Certification This instrument was thoroughly tested and inspected. It was found to meet Fluke Biomedical’s

Ductility Testing Machines Testing Machines. this is a blank page corrector. Introduction ... Completely melt the bituminous material to be tested until thoroughly fluid by

N28 N48 UM V2.8 EN 20120301v2 2.01.05static.highspeedbackbone.net/pdf/Thecus N2800_N4800 SMB...are thoroughly tested before they leave the factory and should function normally under

The Grange School - Tried and Tested Internet Tools for Teachers

High quality PDR tools - HBC system SMART by HBC High quality PDR tools ... Complete G30 PDR Tools kit and ... The PDR tools from HBC system are tested and homologated by car

Incubators - SRICO · Incubators DAIHAN Scientific ... All the units supplied by DAIHAN Scientific are thoroughly tested, using 12 temperature sensors and the latest instruments to

Aluminum bulkheads converted to composite … composite. The proposed material was tested thoroughly against the aluminum bulkhead. Based on discussion with end customer, DEP Engineers

CASCADIA Cascadia began life as one of the most thoroughly tested Freightliner trucks ever, ensuring its productivity, safety, durability and

Model 4300C - Valhalla Scientific · 2020. 8. 2. · iii Certification Valhalla Scientific Inc. certifies that this instrument was thoroughly tested, inspected, and found to meet