Cracking Ransomware: Bypassing Anti-Analysis Techniques and Decrypting LockBit Black Ransomware

Sdílet
Vložit
  • čas přidán 16. 08. 2023
  • SANS Ransomware Summit 2023
    Cracking Ransomware: Bypassing Anti-Analysis Techniques and Decrypting LockBit Black Ransomware
    Speaker: Noël Keijzer, Incident Responder/Reverse Engineer, Northwave
    In the last years, ransomware groups have been knocking companies offline across the world, demanding ever-increasing sums of money for a key to unlock encrypted machines and data. From a technical perspective, the biggest challenge is to decrypt the hostage data held for ransom, without a valid decryption key. Some say that this is close to impossible. But reverse engineers (RE) are here to prove the contrary. Besides the encryption algorithms that a ransomware group uses (e.g., original or modified versions of RSA, AES-256 and ChaCha20), they also use “anti-analysis” techniques (e.g., packing, string obfuscation and dynamic API loading). Therefore, the challenge of REs is to bypass anti-analysis techniques and find flaws in the encryption algorithms used by a ransomware group. We succeeded in both challenges while fighting against the LockBit ransomware group. This was the most prevalent ransomware group of Q3 2022 (i.e., 22% of all global ransomware attacks), according to Mandiant. In this presentation, we will explain how we have bypassed their anti-analysis techniques and cracked their encryption algorithm. In addition to this, we will publicly demonstrate and release the decryption tool that we created against LockBit Black. Our main goal with this presentation is to shed light on our approach, and to incentivize the community to use it to fight back against ransomware groups.
    View upcoming Summits: www.sans.org/u/DuS
  • Věda a technologie

Komentáře • 4

  • @KUDASAM
    @KUDASAM Před 9 měsíci +2

    and how to decrypt lockbit files? please

    • @thatsofranco
      @thatsofranco Před 6 měsíci

      The only way to decrypt your files is with the key that was randomly generated for the attack. Only the attackers will have the key.

    • @bil4103
      @bil4103 Před měsícem

      @@thatsofranco plus "salt" don't forget to it

    • @nahrafe
      @nahrafe Před měsícem

      ​@@thatsofranco So what's the point of this vid then

Další v pořadí
Automatické přehrávání
Panel | Going Dark: DOS’ing Yourself for the Better49:41Panel | Going Dark: DOS’ing Yourself for the Better
Panel | Going Dark: DOS’ing Yourself for the BetterSANS Institute
zhlédnutí 361
Understanding Ransomware Threats to ESXi: Essential Insights53:39Understanding Ransomware Threats to ESXi: Essential Insights
Understanding Ransomware Threats to ESXi: Essential InsightsSANS Institute
zhlédnutí 1,4K
SANS Webcast: Effective (Threat) Hunting Techniques54:01SANS Webcast: Effective (Threat) Hunting Techniques
SANS Webcast: Effective (Threat) Hunting TechniquesSANS EMEA
zhlédnutí 29K
What Country's Flag Is It? #asmr #satisfying #oddlysatisfying #satisfyingvideo #asmrsounds #aluminum00:17What Country's Flag Is It? #asmr #satisfying #oddlysatisfying #satisfyingvideo #asmrsounds #aluminum
What Country's Flag Is It? #asmr #satisfying #oddlysatisfying #satisfyingvideo #asmrsounds #aluminumOddly Satisfying
zhlédnutí 26M
JO PARIS 2024 - Céline Dion chante "L'hymne à l'amour" sur la Tour Eiffel à la cérémonie d'ouverture02:28JO PARIS 2024 - Céline Dion chante "L'hymne à l'amour" sur la Tour Eiffel à la cérémonie d'ouverture
JO PARIS 2024 - Céline Dion chante "L'hymne à l'amour" sur la Tour Eiffel à la cérémonie d'ouvertureEurosport France
zhlédnutí 5M
YZO & PTK - NO SLEEP GANG / GET LOW (official double music video)06:06YZO & PTK - NO SLEEP GANG / GET LOW (official double music video)
YZO & PTK - NO SLEEP GANG / GET LOW (official double music video)Milion Plus
zhlédnutí 623K
KARMA AT SCHOOL 🏫 Stop time00:32KARMA AT SCHOOL 🏫 Stop time
KARMA AT SCHOOL 🏫 Stop timedednahype
zhlédnutí 29M
Understanding the New NIS2 Directive: Compliance for EU Businesses42:37Understanding the New NIS2 Directive: Compliance for EU Businesses
Understanding the New NIS2 Directive: Compliance for EU BusinessesSANS Institute
zhlédnutí 358
CISSP-Domain 1-Review Questions 1 to 2028:43CISSP-Domain 1-Review Questions 1 to 20
CISSP-Domain 1-Review Questions 1 to 20Seo Rod
zhlédnutí 3,3K
Groundbreaking New Solar Energy System - Too Good to be True?7:07Groundbreaking New Solar Energy System – Too Good to be True?
Groundbreaking New Solar Energy System - Too Good to be True?Sabine Hossenfelder
zhlédnutí 413K
Cyber Wars: The Legal Force Awakens56:35Cyber Wars: The Legal Force Awakens
Cyber Wars: The Legal Force AwakensSANS Institute
zhlédnutí 638
NIST AI Risk Management Framework & Generative AI Profile | Lunchtime BABLing 3644:08NIST AI Risk Management Framework & Generative AI Profile | Lunchtime BABLing 36
NIST AI Risk Management Framework & Generative AI Profile | Lunchtime BABLing 36BABL AI Inc.
zhlédnutí 1,1K
How to transition from feeling overwhelmed to achieving hyperfocus in 45 minutes or less10:35How to transition from feeling overwhelmed to achieving hyperfocus in 45 minutes or less
How to transition from feeling overwhelmed to achieving hyperfocus in 45 minutes or lessSANS Institute
zhlédnutí 236
Do you think that ChatGPT can reason?1:42:28Do you think that ChatGPT can reason?
Do you think that ChatGPT can reason?Machine Learning Street Talk
zhlédnutí 25K
AI Security Interview Series: LLM Security and Abuse Cases24:31AI Security Interview Series: LLM Security and Abuse Cases
AI Security Interview Series: LLM Security and Abuse CasesRobust Intelligence
zhlédnutí 197
Using the NIST AI Risk Management Framework // Applied AI Meetup October 202354:48Using the NIST AI Risk Management Framework // Applied AI Meetup October 2023
Using the NIST AI Risk Management Framework // Applied AI Meetup October 2023Applied AI
zhlédnutí 8K
Nvidia Has A Very Unique Problem #funfact01:00Nvidia Has A Very Unique Problem #funfact
Nvidia Has A Very Unique Problem #funfactDoug Sharpe
zhlédnutí 3,9M
This was designed for me? I’m INSULTED. - Nokia 321007:15This was designed for me? I’m INSULTED. - Nokia 3210
This was designed for me? I’m INSULTED. - Nokia 3210ShortCircuit
zhlédnutí 305K
Overrated vs. Underrated Tech00:31Overrated vs. Underrated Tech
Overrated vs. Underrated TechGohar Khan
zhlédnutí 7M
החלפת מסך #iphone13 #Fixit00:56החלפת מסך #iphone13 #Fixit
החלפת מסך #iphone13 #FixitTamar DB (mt)
zhlédnutí 2,6M
iPhone 16 с инновационным аккумулятором00:45iPhone 16 с инновационным аккумулятором
iPhone 16 с инновационным аккумуляторомÉЖИ АКСЁНОВ
zhlédnutí 10M
Apple, Microsoft outage, Bob Newhart, Lou Dobbs, Where is Melania Trump, Trump speech TODAY00:12Apple, Microsoft outage, Bob Newhart, Lou Dobbs, Where is Melania Trump, Trump speech TODAY
Apple, Microsoft outage, Bob Newhart, Lou Dobbs, Where is Melania Trump, Trump speech TODAYWarptoys
zhlédnutí 534K
HOW ARE YOU STILL ALIVE00:57HOW ARE YOU STILL ALIVE
HOW ARE YOU STILL ALIVEJerryRigEverything
zhlédnutí 1,9M
How NVIDIA just beat every other tech company09:20How NVIDIA just beat every other tech company
How NVIDIA just beat every other tech companyMrwhosetheboss
zhlédnutí 1,6M