
Most Ransomware Isn't As Complex As You Might Think

Offered By: Black Hat via YouTube


Course Description

Overview

Explore the findings of academic research on ransomware in this 23-minute Black Hat conference talk by Engin Kirda. Analyze over 1,300 samples from 15 malware families captured between 2006 and 2014. Discover that most ransomware attacks are nondestructive and preventable, despite some advancements in encryption, deletion, and communication techniques. Learn about the increase in ransomware attacks, with 500% growth from 2012 to 2013, and examine previously undocumented aspects of these attacks. Compare threatened impacts with real impacts, revealing that 94% of the studied ransomware merely attempted to lock victims' desktops or used superficial encryption methods. Investigate the inner workings of rare destructive ransomware, including API calls, file system activity, and decoy files. Examine the charging methods adopted by different ransomware families, with over 88% using prepaid online payment systems. Understand why detecting and stopping advanced ransomware attacks is not as difficult as reported, and learn about effective prevention methods such as scanning for unusual file system activity and protecting the Master File Table on Windows machines.

Syllabus

Intro
My Background
What We Will Discuss
The Anatomy of an Attack
Ransomware Evolution
Complexity and Sophistication
A Closer Look at Ransomware
Encryption Mechanisms
Deletion Mechanisms
Locking Mechanisms
Achilles' Heel of Ransomware
Example: Dissecting Cryptolocker
Key Takeaways


Taught by

Black Hat
