
Monday, April 27, 2015

SANS Digital Forensics and Incident Response Blog | Identifying and Disrupting Crypto-Ransomware (and Destructive Malware) | SANS Institute




I have been giving some thought to how we can stop crypto-ransomware doing its thing. Initially, I thought about interfering with the Windows CryptoAPI, perhaps hooking the CryptEncrypt function; however, page 16 of a report by Bromium analysing various samples shows that some samples use CryptoAPI, others use OpenSSL libraries and a few even use custom inline code.
