Presented at !!Con West 2019: http://bangbangcon.com/west

Ransomware is malevolent software that possesses hosts, holds files hostage, and allows its dark masters to perform extortion. This form of malware seeks to infect weak hosts, acquires a unique encryption secret, encrypts user data using this secret incantation (key), locks away the key so the victim cannot obtain it, and finally exhibits signs of possession (ransom notes). Once the possession takes hold, no exorcist or security expert can help.

But how does ransomware really function? What does it take to successfully carry out the biggest financially motivated cybercrime operations? How does ransomware infiltrate hosts? Where does it acquire the unique encryption key needed to encrypt each victim’s data? How does it hide this key from victims? Why is data recovery infeasible without the key?

In this talk, we discuss the intricacies of a ransomware infection. We follow the process of host infiltration, communication with the malware’s command and control server, key management on the host, file encryption, and finally the underground market of buying, selling, developing and distributing ransomware. We dissect real-world ransomware and show demonstrations of the most successful ransomware variants in action!