Breaking Ransomware

Ransomware is a type of malware that is used by cybercriminals. So, to break that malware and find loopholes, you will first have to understand the details of ransomware. If you are looking to understand the internals of ransomware and how you can analyze and detect it, then this book is for you.

This book starts with an overview of ransomware and its building blocks. The book will then help you understand the different types of cryptographic algorithms and how these encryption and decryption algorithms fit in the current ransomware architectures. Moving on, the book focuses on the ransomware architectural details and shows how malware authors handle key management. It also explores different techniques used for ransomware assessment. Lastly, the book will help you understand how to detect a loophole and crack ransomware encryption.

By the end of this book, you will be able to identify and combat the hidden weaknesses in the internal components of ransomware.

KEY FEATURES  

• Get an overview of the current security mechanisms available to prevent ransomware digital extortion.
• Explore different techniques to analyze a ransomware attack.
• Understand how cryptographic libraries are misused by malware authors to code ransomwares.

WHAT YOU WILL LEARN

• Get familiar with the structure of Portable Executable file format.
• Understand the crucial concepts related to Export Directory and Export Address Table.
• Explore different techniques used for ransomware static and dynamic analysis.
• Learn how to investigate a ransomware attack.
• Get expert tips to mitigate ransomware attacks.

WHO THIS BOOK IS FOR

This book is for cybersecurity professionals and malware analysts who are responsible for mitigating malware and ransomware attacks. This book is also for security professionals who want to learn how to prevent, detect, and respond to ransomware attacks. Basic knowledge of C/C++, x32dbg and Reverse engineering skills is a must.

Section I: Ransomware Understanding

1. Warning Signs, Am I Infected?
2. Ransomware Building Blocks
3. Current Defense in Place
4. Ransomware Abuses Cryptography
5. Ransomware Key Management

Section II: Ransomware Internals

6. Internal Secrets of Ransomware
7. Portable Executable Insides
8. Portable Executable Sections

Section III: Ransomware Assessment

9. Performing Static Analysis
10. Perform Dynamic Analysis

Section IV: Ransomware Forensics

11. What’s in the Memory
12. LockCrypt 2.0 Ransomware Analysis
13. Jigsaw Ransomware Analysis

Section V: Ransomware Rescue

14. Experts Tips to Manage Attacks

Author: Jitender Narula has 20+ years of cyber security industry experience on the projects of AT&T, Citrix, Google, Boeing, SEDENA Mexico, IPolicy Networks (Tech Mahindra now), Conexant, HFCL, iiCyberSecurity, SKY, Delhi Police, Delhi University and Latin American government agencies. He has published technology articles, research and interviews in the area of cyber security on Security Newspaper (www.securitynewspaper.com), NoticiasSeguridad (noticiasseguridad.com) and contributed to the Vishvas News, which is part of Dainik Jagran (Indian Hindi language daily newspaper). Narula has also published a book on Reverse Engineering with the renowned publication house “BPB publications” with the title “Implementing Reverse Engineering”.

Co-author: Atul Narula has 16+ years of experience in the implementation of cyber security services and solutions for different companies such as Accenture, Hexaware, iiCyberSecurity, Idemia, Air Canada, Telcel, Unisys, Petronic, Sectur and Mexican and other latin american Government agencies. He is proficient in English and Spanish. He has been awarded YouTube Silver Play Button for cyber security channel NoticiasSeguridad Informatica. He has also published articles, research papers on NoticiasSeguridad (noticiasseguridad.com), Exploit One (www.exploitone.com), Cibertip (www.cibertip.com) and contributed to the Televisa Telemundo News and El Pais news.