Thursday, 10 August 2017

Serpent Ransomware Analysis

The new Octopus cryptolocker, an offspring of the Serpent/Zyklon/WildFire/HadesLocker families, shows that .NET ransomware is not always easy prey for a reverse engineer. It leverages several types of obfuscation, code encryption, and anti-debugging to protect its C# code from decompilation and analysis.

Monday, 7 August 2017

Spora Ransomware Analysis

Similar to Cerber (Ferber) ransomware, Spora has its own intricate encrypted file format and does not encrypt the whole file. The encryption block size varies depending on the file size.