Ransomware threat continues to grow over years. The existing defense techniques for detecting malicious malware will never be sufficient because of Malware Persistence Techniques. Packed malware makes analysis harder & also it may sound like a trusted executable for evading modern antivirus. This paper focuses on the analysis part of few ransomware samples using different reverse engineering tools & techniques. There are many automated tools available for performing malware analysis, but reversing it manually helped to write two different patches for Wannacry ransomware. Execution of patched ransomware will not encrypt the user machine. Due to new advanced evading techniques like Anti-Virtual Machine (VM) & Anti-debugging, automated malware analysis tools will be less useful. The Application Programming Interface (API) calls which we used to create patch, were used to create Yara rule for detecting different variants of the same malware as well.
CITATION STYLE
Naveen, S., & Gireesh Kumar, T. (2019). Ransomware Analysis Using Reverse Engineering. In Communications in Computer and Information Science (Vol. 1046, pp. 185–194). Springer Verlag. https://doi.org/10.1007/978-981-13-9942-8_18
Mendeley helps you to discover research relevant for your work.