SANS Digital Forensics and Incident Response Blog | Identifying and Disrupting Crypto-Ransomware (and Destructive Malware) | SANS Institute
I have been giving some thought to how we can stop crypto-ransomware doing its thing. Initially, I thought about interfering with the Windows CryptoAPI, perhaps hooking the CryptEncrypt function; however, page 16 of a report analysing various samples by Bromium shows that some samples use CryptoAPI, others use OpenSSL libraries and a few even use custom inline code.