YZ
Uploaded byYouness Zougar
3,066 views

Ransomware for fun and non-profit

The document discusses how ransomware works by encrypting files on a victim's computer and demanding payment to decrypt the files. It explains the basic process of how ransomware encrypts files, displays a ransom message, and transmits encryption keys to the attacker. The document also provides examples of code that could be used to implement various functions required for a basic ransomware program, such as generating encryption keys, encrypting files, and displaying messages. Finally, it discusses techniques malware developers use to avoid detection by antivirus software.

Embed presentation

Downloaded 28 times
Ransomware for Fun and Non-Pro
t Youness Zougar (@L3tsXpl0it) zougar92@gmail.com October 30, 2014 In this paper, I will be explaining how Ransomware works by giving some examples. This is done for Educational purposes only to understand better how Ransomware behaves. 1 What is a Ransomware ? Brie y, Ransomware is a type of malware created in the aim to restrict access to a victim's computer by encrypting
les on the hard drive. After that, the victim is asked to pay the attacker to get the restriction removed by decrypting the encrypted
les. CryptoLocker for example is a Ransomware that infected more than 200K systems in the world, and generated millions of dollars to its developer. 2 How does it work ? The process is simple. Generally, when the Ransomware gets executed, it scans in background all the directories on the system looking for interesting
les' extensions (.docx, .xlsx...) that were hard coded in it, then it en- crypts them using an encryption key. Some Ransomwares block completely the victims to access the system by changing the Winlogon shell value from explorer.exe to the the path of the malware executable. At the end, the Ran- somware pops-up a window asking the victim a ransom to get the decryption key. To push the victim to pay as fast as possible, some Ransomwares cap- ture webcam session and use it to freak out the victim. Now, we have an idea how simple Ransomware works. Let's go deeper into its functions. 1
3 How Ransomware is made ? 3.1 Scenario Let's think of a simple Ransomware scenario. The victim will get the executable on his machine (torrent download, an infected USB stick...) and launches it. A window will pop-up displaying a loading bar asking the victim to wait. In the meantime and in background, all the interesting

More Related Content

PDF
Whispered secrets
byEleanor McHugh
 
PDF
IDSECCONF2013 CTF online Write Up
byidsecconf
 
PDF
Magic Clusters and Where to Find Them - Eugene Pirogov
byElixir Club
 
PDF
Magic Clusters and Where to Find Them 2.0 - Eugene Pirogov
byElixir Club
 
PDF
Book
byluis_lmro
 
PDF
Whispered secrets
byEleanor McHugh
 
KEY
The Ruby Guide to *nix Plumbing: on the quest for efficiency with Ruby [M|K]RI
byEleanor McHugh
 
PPT
Unix Programming with Perl 2
byKazuho Oku
 
Whispered secrets
byEleanor McHugh
 
IDSECCONF2013 CTF online Write Up
byidsecconf
 
Magic Clusters and Where to Find Them - Eugene Pirogov
byElixir Club
 
Magic Clusters and Where to Find Them 2.0 - Eugene Pirogov
byElixir Club
 
Book
byluis_lmro
 
Whispered secrets
byEleanor McHugh
 
The Ruby Guide to *nix Plumbing: on the quest for efficiency with Ruby [M|K]RI
byEleanor McHugh
 
Unix Programming with Perl 2
byKazuho Oku
 

What's hot

PDF
SSH I/O Streaming via Redis-based Persistent Message Queue -Mani Tadayon
byRedis Labs
 
PDF
Encrypt all transports
byEleanor McHugh
 
PDF
Go for the paranoid network programmer
byEleanor McHugh
 
PDF
Aprils fool 2014
bybijan_
 
PDF
STOP NETCUT..!!
byMartindra K
 
PDF
Abusing text/template for data transformation
byArnaud Porterie
 
PDF
Information track presentation_final
byKazuki Omo
 
PPTX
Threat hunting != Throwing arrow! Hunting for adversaries in your it environment
byNahidul Kibria
 
PDF
Creating an Arduino Web Server from scratch hardware and software
byJustin Mclean
 
PPTX
Nullbyte 6ed. 2019
byRicardo L0gan
 
PDF
The Ring programming language version 1.10 book - Part 59 of 212
byMahmoud Samir Fayed
 
PPTX
What happens when I press enter?
bytobiassjosten
 
PPTX
Automating malware analysis
byCysinfo Cyber Security Community
 
DOCX
Chatting dengan beberapa pc laptop
byyayaria
 
PDF
Python Asíncrono - Async Python
byJavier Abadía
 
PDF
Cryptography Attacks and Applications
byUTD Computer Security Group
 
DOCX
Ns2programs
byMeenakshi Devi
 
PDF
Arduino and the real time web
byAndrew Fisher
 
PDF
Go for the would be network programmer
byEleanor McHugh
 
DOC
Study of aloha protocol using ns2 network java proram
byMeenakshi Devi
 
SSH I/O Streaming via Redis-based Persistent Message Queue -Mani Tadayon
byRedis Labs
 
Encrypt all transports
byEleanor McHugh
 
Go for the paranoid network programmer
byEleanor McHugh
 
Aprils fool 2014
bybijan_
 
STOP NETCUT..!!
byMartindra K
 
Abusing text/template for data transformation
byArnaud Porterie
 
Information track presentation_final
byKazuki Omo
 
Threat hunting != Throwing arrow! Hunting for adversaries in your it environment
byNahidul Kibria
 
Creating an Arduino Web Server from scratch hardware and software
byJustin Mclean
 
Nullbyte 6ed. 2019
byRicardo L0gan
 
The Ring programming language version 1.10 book - Part 59 of 212
byMahmoud Samir Fayed
 
What happens when I press enter?
bytobiassjosten
 
Automating malware analysis
byCysinfo Cyber Security Community
 
Chatting dengan beberapa pc laptop
byyayaria
 
Python Asíncrono - Async Python
byJavier Abadía
 
Cryptography Attacks and Applications
byUTD Computer Security Group
 
Ns2programs
byMeenakshi Devi
 
Arduino and the real time web
byAndrew Fisher
 
Go for the would be network programmer
byEleanor McHugh
 
Study of aloha protocol using ns2 network java proram
byMeenakshi Devi
 

Similar to Ransomware for fun and non-profit

PPTX
ransomware keylogger rootkit.pptx
bydawitTerefe5
 
DOCX
Discussion Question Contrast file encryption and volume encryptio.docx
byJeniceStuckeyoo
 
PPTX
Pirates, Bandits, and Ne'erdowells: Practical Protection in the Dangerous Dig...
byEric Kolb
 
PPTX
Adventures in Asymmetric Warfare
byWill Schroeder
 
PDF
From velvet to silk there is still a lot of sweat
byStefano Maccaglia
 
PPTX
CryptoWall: How It Works
byTandhy Simanjuntak
 
PPTX
Ch15,secu..
byeman37aseb
 
PDF
Ch14 security
byWelly Dian Astika
 
PPTX
Protect Your Payloads: Modern Keying Techniques
byLeo Loobeek
 
PDF
Understand study
byAntonio Costa aka Cooler_
 
PPTX
The Rise of Ransomware
byTharindu Edirisinghe
 
PDF
Malware Analysis: Ransomware
bydavidepiccardi
 
PDF
Ransomware- What you need to know to Safeguard your Data
byInderjeet Singh
 
PDF
20111204 intro malware_livshits_lecture02
byComputer Science Club
 
PPTX
Security & threats Presentation => (Presenter: Komal Mehfooz)
byKomal Mehfooz
 
PPT
Software security
byjes_d
 
PPTX
Computer Security
bySatyajit Das
 
PDF
Ransomeware : A High Profile Attack
byIRJET Journal
 
PDF
Modern malware and threats
byMartin Holovský
 
PPTX
Unit 5 - Windows Credential Attacks.pptx
bySaiGanesh840371
 
ransomware keylogger rootkit.pptx
bydawitTerefe5
 
Discussion Question Contrast file encryption and volume encryptio.docx
byJeniceStuckeyoo
 
Pirates, Bandits, and Ne'erdowells: Practical Protection in the Dangerous Dig...
byEric Kolb
 
Adventures in Asymmetric Warfare
byWill Schroeder
 
From velvet to silk there is still a lot of sweat
byStefano Maccaglia
 
CryptoWall: How It Works
byTandhy Simanjuntak
 
Ch15,secu..
byeman37aseb
 
Ch14 security
byWelly Dian Astika
 
Protect Your Payloads: Modern Keying Techniques
byLeo Loobeek
 
Understand study
byAntonio Costa aka Cooler_
 
The Rise of Ransomware
byTharindu Edirisinghe
 
Malware Analysis: Ransomware
bydavidepiccardi
 
Ransomware- What you need to know to Safeguard your Data
byInderjeet Singh
 
20111204 intro malware_livshits_lecture02
byComputer Science Club
 
Security & threats Presentation => (Presenter: Komal Mehfooz)
byKomal Mehfooz
 
Software security
byjes_d
 
Computer Security
bySatyajit Das
 
Ransomeware : A High Profile Attack
byIRJET Journal
 
Modern malware and threats
byMartin Holovský
 
Unit 5 - Windows Credential Attacks.pptx
bySaiGanesh840371
 

Recently uploaded

PPTX
Febelfin Academy Presentation - Breakfast
byFinTech Belgium
 
PPTX
Overview-Swine-Production-and-Breeds-of-Swine.pptx
bypanangcadjhonemart2
 
PDF
AAC2026_Durcevic_Seeing the System: Making Relationships Visible to Unlock th...
byAgile Austria Conference
 
PDF
AAC2026_Lister_Understand your 'Scrum DNA' !pdf
byAgile Austria Conference
 
PPTX
alkali metal physical and chemical properties
byolurantifaith43
 
PPTX
Street and Hip-hop Dance - Power Point -
byrhanzcerhamirez16
 
PDF
Robbee Minicola PhD Oral Defense Presentation
byMicrosoft
 
PPTX
HUMAN RESOURCE STRATEGY & PERSONNEL PLANNING.pptx
bynaimaengfarah76
 
PDF
When to Use Google Ads Instead of Local Service Ads: 4 Clear Scenarios
byDigital Harvest
 
PDF
AAC2026_Tanzer_Grown Organically Software and Bonsai.pdf
byAgile Austria Conference
 
PDF
MENTAL HEALTH SESSION BY REHEMA MUTHONI MUCHAI.
by2402232
 
PDF
AAC2026_Keynote_Horx Strathern_Megatrends Countertrends.pdf
byAgile Austria Conference
 
PDF
AAC2026_Batusek_Beyond the Bus Factor: Build your teams for for the future.pdf
byAgile Austria Conference
 
PPTX
2026-02-08 Hebrews 06 (shared slides).pptx
byDale Wells
 
PDF
Presentation - French Revolution (Student Lecture).pdf
byacdebussy
 
PDF
What’s New in the Latest Roblox Update (2026)
bytenaciousmunir77
 
PDF
AAC2026_Lavrova_ The Second Spear of Agility Why We Need Meaning, Not Metrics...
byAgile Austria Conference
 
PDF
French Revolution { Class 9 } Presentation .pdf
bymanjusuhag88
 
PDF
Top 10 Tips To Buy Verified Binance Accounts_ An Educational Guide topselleri...
bygsghhgf8
 
PPTX
Bob Stewart Greater 02 08 2026.pptx
byFamilyWorshipCenterD
 
Febelfin Academy Presentation - Breakfast
byFinTech Belgium
 
Overview-Swine-Production-and-Breeds-of-Swine.pptx
bypanangcadjhonemart2
 
AAC2026_Durcevic_Seeing the System: Making Relationships Visible to Unlock th...
byAgile Austria Conference
 
AAC2026_Lister_Understand your 'Scrum DNA' !pdf
byAgile Austria Conference
 
alkali metal physical and chemical properties
byolurantifaith43
 
Street and Hip-hop Dance - Power Point -
byrhanzcerhamirez16
 
Robbee Minicola PhD Oral Defense Presentation
byMicrosoft
 
HUMAN RESOURCE STRATEGY & PERSONNEL PLANNING.pptx
bynaimaengfarah76
 
When to Use Google Ads Instead of Local Service Ads: 4 Clear Scenarios
byDigital Harvest
 
AAC2026_Tanzer_Grown Organically Software and Bonsai.pdf
byAgile Austria Conference
 
MENTAL HEALTH SESSION BY REHEMA MUTHONI MUCHAI.
by2402232
 
AAC2026_Keynote_Horx Strathern_Megatrends Countertrends.pdf
byAgile Austria Conference
 
AAC2026_Batusek_Beyond the Bus Factor: Build your teams for for the future.pdf
byAgile Austria Conference
 
2026-02-08 Hebrews 06 (shared slides).pptx
byDale Wells
 
Presentation - French Revolution (Student Lecture).pdf
byacdebussy
 
What’s New in the Latest Roblox Update (2026)
bytenaciousmunir77
 
AAC2026_Lavrova_ The Second Spear of Agility Why We Need Meaning, Not Metrics...
byAgile Austria Conference
 
French Revolution { Class 9 } Presentation .pdf
bymanjusuhag88
 
Top 10 Tips To Buy Verified Binance Accounts_ An Educational Guide topselleri...
bygsghhgf8
 
Bob Stewart Greater 02 08 2026.pptx
byFamilyWorshipCenterD
 

Ransomware for fun and non-profit

  • 1.
    Ransomware for Funand Non-Pro
  • 2.
    t Youness Zougar(@L3tsXpl0it) zougar92@gmail.com October 30, 2014 In this paper, I will be explaining how Ransomware works by giving some examples. This is done for Educational purposes only to understand better how Ransomware behaves. 1 What is a Ransomware ? Brie y, Ransomware is a type of malware created in the aim to restrict access to a victim's computer by encrypting
  • 3.
    les on thehard drive. After that, the victim is asked to pay the attacker to get the restriction removed by decrypting the encrypted
  • 4.
    les. CryptoLocker forexample is a Ransomware that infected more than 200K systems in the world, and generated millions of dollars to its developer. 2 How does it work ? The process is simple. Generally, when the Ransomware gets executed, it scans in background all the directories on the system looking for interesting
  • 5.
    les' extensions (.docx,.xlsx...) that were hard coded in it, then it en- crypts them using an encryption key. Some Ransomwares block completely the victims to access the system by changing the Winlogon shell value from explorer.exe to the the path of the malware executable. At the end, the Ran- somware pops-up a window asking the victim a ransom to get the decryption key. To push the victim to pay as fast as possible, some Ransomwares cap- ture webcam session and use it to freak out the victim. Now, we have an idea how simple Ransomware works. Let's go deeper into its functions. 1
  • 6.
    3 How Ransomwareis made ? 3.1 Scenario Let's think of a simple Ransomware scenario. The victim will get the executable on his machine (torrent download, an infected USB stick...) and launches it. A window will pop-up displaying a loading bar asking the victim to wait. In the meantime and in background, all the interesting