The adoption of the Ransomware as a Service (RaaS) model has rapidly evolved the ransomware threat landscape. As a result, binary analysis of next-generation ransomware samples finds only marginal code similarities with early generations of the same family. Detection of new ransomware generations therefore often misidentifies the ransomware family. Infrastructure, tools, techniques, and procedures (TTPs), or ransom notes often determine the initial ransomware classification. Code similarities could assist investigators in identifying RaaS groups working on multiple ransomware families. Identifying common coding tactics in highly developed code allows security researchers to expedite attribution and develop mitigation strategies. Law enforcement can use code similarity analysis to show affiliation between ransomware groups. This paper aims to determine whether code similarities exist between next-generation ransomware and early-generation binaries. The research focuses on ransomware families containing four generations and analyzes randomly selected binaries using an automated genetic analysis tool. Intezer's genetic analysis compares binary samples against Intezer's malware code repository. Intezer allows incident responders to analyze ransomware binaries and identify malware more accurately and quickly.