Overview
Explore the evolution and technological advancements of ransomware in this 32-minute conference talk from BSidesSF 2018. Delve into the significant increase in ransomware families and malware technologies observed in 2017. Examine how various malware technologies combine to create more potent threats, particularly in ransomware and botnets. Analyze notable examples like WannaCry and NotPetya, which leveraged SMB exploits for widespread propagation. Investigate the use of low-level disk encryption by ransomware such as NotPetya, GoldenEye, and Armalocky. Learn about the distribution methods employed by GlobeImposter, BTCWare, and Troldesh/Crysis through RDP sessions. Discover the role of polymorphic packers in ransomware evolution. Understand the concept of Ransomware-as-a-Service (RaaS) and its impact on ransomware accessibility. Examine the unique case of UIWIX ransomware and its connection to the Adylkuzz coinminer. Gain insights into the diverse mix of malware technologies used for distribution and encryption in 2017's ransomware landscape, and consider potential future developments in this ever-evolving threat.
Syllabus
BSidesSF 2018 - Prospecting Ransomware Tech (Vlad Craciun)
Taught by
Security BSides San Francisco