There was an unprecedented rise in the development and deployment of ransomware in 2016. The most common form of ransomware is designed to encrypt a user's files in the hopes of obtaining a Bitcoin ransom payment in exchange for the means to decrypt the affected files. Static detection of this type of ransomware through traditional anti-virus approaches has typically had mixed results due to the unique characteristics of these samples and rapid evolution of ransomware families. Behavioral detection methods have shown a lot of promise as an effective means for generically detecting ransomware at runtime with minimal data loss. This talk will detail an effective behavioral detection method with some novel components and provide an overview of the trials and tribulations I've endured while on the path to implementing this Windows ransomware detection framework.
To learn more on this topic, attend the 10th annual SANS Digital Forensics & Incident Response (DFIR) Summit & Training. This training event brings together an influential group of experts, SANS training, and industry networking opportunities in one place. Over the course of this eight-day training event, you'll enjoy: