37C3 - Unlocked! Recovering files taken hostage by ransomware
Recover files taken hostage by ransomware - learn about the inner workings of cryptomalware and how to decrypt files using symmetric and asymmetric cryptography techniques.
- Ransomware gangs are getting more efficient in their attacks, using cryptography and sophisticated malware.
- The file size of 5,000 bytes is a common threshold for full encryption.
- Key points:
  - symmetric cryptography is used for file encryption
  - asymmetric cryptography (RSA or ECC) is used for key generation
  - victim-specific key generation helps to prevent decryption
  - victims may be able to recover their files by XORing unknown plaintext with the keystream.
- The author hopes to spread awareness and prevent future incidents.
- Some organizations have fallen victim to ransomware attacks, and the author suggests having backups as a solution.
- The importance of responsible IT security and patch management is highlighted.
- Law enforcement agencies and incident responders can provide valuable assistance in dealing with ransomware attacks.
- Efficient decryption methods can be used to recover encrypted files.
- The author invites the audience to try recovering encrypted samples from GitHub.
- Some victim-specific information was shared, including the fact that the XOR operation is reversible.
- The event showed how to decrypt files taken hostage by ransomware.
- Specific event information:
  - Hosted at 37C3
  - The author, Tobias, is a German free software advocate
  - The talk focused on recovering files taken hostage by ransomware.
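
The keystream recovery mentioned in the key points, as an added example that is not code from the talk or its GitHub samples. It assumes a sample that reuses one XOR keystream from offset 0 for every file (an assumption; the summary does not say which flaw the talk relied on), with a toy SHA-256 counter-mode keystream standing in for the real cipher and all names and data constructed.

```python
import hashlib

def toy_keystream(key: bytes, length: int) -> bytes:
    # Constructed stand-in for a stream cipher: SHA-256 in counter mode.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

def xor(a: bytes, b: bytes) -> bytes:
    # zip() stops at the shorter input, so the result is truncated to it.
    return bytes(x ^ y for x, y in zip(a, b))

def flawed_encrypt(key: bytes, plain: bytes) -> bytes:
    # Assumed flaw: every file gets the same keystream, starting at offset 0.
    return xor(plain, toy_keystream(key, len(plain)))

def recover_keystream(known_plain: bytes, its_cipher: bytes) -> bytes:
    # C = P xor K, therefore P xor C = K wherever both are known.
    return xor(known_plain, its_cipher)

def recover_file(cipher: bytes, keystream: bytes):
    # Returns (recovered prefix, number of trailing bytes not covered).
    plain = xor(cipher, keystream)
    return plain, len(cipher) - len(plain)

# Constructed sample data; the key is never given to the recovery functions.
KEY = b"constructed-victim-key"
BACKUP_COPY = b"%PDF-1.7 constructed file that also exists in a backup. " * 2
LOST_SHORT = b"Q3 payroll: constructed sample data"
LOST_LONG = b"constructed long document " * 8

def demo():
    # One file that survives in a backup yields keystream for all other files.
    ks = recover_keystream(BACKUP_COPY, flawed_encrypt(KEY, BACKUP_COPY))
    short = recover_file(flawed_encrypt(KEY, LOST_SHORT), ks)
    long_ = recover_file(flawed_encrypt(KEY, LOST_LONG), ks)
    return short, long_

if __name__ == "__main__":
    (short, s_missing), (long_, l_missing) = demo()
    print(short, s_missing)
    print(long_[:26], "...", l_missing, "bytes not covered")
```

The longest file for which both plaintext and ciphertext are available sets the ceiling on how many bytes of any other file can be recovered this way.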