
date: 2016-07-10

Ransomware is easy money for criminals. Let's face it: a few lines of code to enumerate the file system, read each file as a byte stream, pass it to an encryption function, write the returned bytes back to the file stream and rename the file in the process is not a hard day's work.

If that's too much like hard work, then a nice Turkish gent wrote hidden-tear, just for educational purposes mind you. He published his work here, but as you can see he changed his mind and redacted his work. But this is GitHub, and he got forked 434 times in fact. It wasn't difficult to find another repository; a good one is here, and you will set off anti-virus alerts with the compiled binaries.

I checked which AV engines were detecting this file, with the previous analysis here and my reanalysis here. The interesting thing to note is the name of the strain that the AV vendors are giving it.

So, to demonstrate how ineffective AV is these days, I tweaked the code, and my sample (which will be very handy for demonstrating the attack to people, and how to mitigate it) has its analysis results here, with a nice zero detections. Think ZERO DAY: any potential target could be in a world of trouble if they have not taken effective countermeasures.

Concerned about ransomware? Seek advice; professionals like myself can help!