Whitehat Hackers Publish Tutorial for Crypto Ransomware Defense, Countermeasures

HackMiami researchers release guide for decryption, remediation of ransomware malware infections.

Researchers from HackMiami have authored a whitepaper in an effort to combat the growing trend of cryptographic ransomware infections affecting businesses and consumers. The publication is intended as a guide for the analysis, decryption, and disinfection of devices that have been impacted by the latest variants of cryptographic ransomware.

Cryptoransomware is defined as malicious software that infects a device, encrypts all content, thereby locking out the user, and then displays a message demanding payment to the attacker for a decryption key.

"We sought to provide an easy to follow resource that will arm system administrators, as well as the general public, with the knowledge and resources needed to defend against these emerging, persistent threats," said Greg Lindor, malware analyst and instructor at HackMiami.

The Rise of Ransomware

The recent rise in ransomware can be attributed to several different evolutionary developments within the fraud underground.

The scalability of ransomware campaigns was limited as recently as 5 years ago. Most older ransomware campaigns required victims to purchase prepaid debit card codes, and oftentimes these codes would be limited to a maximum of a few hundred dollars. Attackers had to coordinate extensive cashout rings with human money mules to monetize their campaigns. It would be logical that attackers would only want to 'bite off what they can chew', so that they can continue to operate without drawing too much attention.

Furthermore, Bitcoin and other cryptocurrencies were not as popular as they are today, and the average victim would not know how to obtain or use Bitcoin or any other cryptocurrency. While marketplaces existed for the anonymized exchange and laundering of Bitcoin, the technology was new and only criminals with an exceedingly high tolerance for risk would trust the concept.

In the world of 2016, attackers are not restricted by low limits when extorting or laundering funds. Various international avenues, both legitimate and black market, now exist in the physical and digital worlds for organized crime groups to rapidly cash out extorted cryptocurrency earnings with minimal effort and no need for slow, risky money mule networks.

HackMiami 2016 Conference: Anti Crypto Ransomware Village

The HackMiami 2016 Conference, taking place May 13-15, 2016 at the Deauville Beach Resort in Miami Beach, will feature an open research area where attendees can learn details about how the most popular variants of crypto ransomware are delivered and spread through malicious attachments, drive-by download exploit kits, and removable media.

Attendees will be exposed to the latest tools, techniques, and procedures in use by modern ransomware campaigns, and will have opportunities to analyze live devices infected with interesting cryptoransomware variants.

The HackMiami 2016 Conference will also host a workshop for all attendees on Saturday, May 14, entitled "Introduction to Malware Analysis and Reversing." The workshop will delve into malware analysis methods, as well as the tools used to reverse engineer malicious payloads. The workshop will be hosted by Chad Seaman and Tsvetelin “Bincent” Choranov of Akamai SIRT along with Greg Lindor of HackMiami.

About HackMiami

HackMiami is the premier partnership resource in South Florida for information security services such as vulnerability analysis, penetration testing, digital forensics, and on-site training.

HackMiami seeks to develop and harness the participation of the global information security community through regular events, presentations, publications and competitions. These events give the hacker community a forum to present their research and develop new techniques and methodologies, and at the same time provide a valuable networking resource for contracting opportunities. HackMiami events and research have been featured multiple times by prominent mainstream media outlets.

For more information on the HackMiami 2016 Conference, visit: http://www.hackmiami.com/

Crypto Ransomware Defense Counter Measure Guide: http://hackmiami.org/whitepapers/HackMiami-CryptoRansomwareDefenseCounterMeasureGuide.pdf

