Thursday, 10 August 2017

Serpent Ransomware Analysis

The new Octopus cryptolocker being an offspring of the Serpent/Zyklon/WildFire/HadesLocker families shows that .NET ransomware can be not an easy meat for a reverse engineer. It leverages several types of obfuscation, code encryption, and anti-debugging to protect its C# code from decompilation and analysis.

See our analysis in the Acronis blog. https://www.acronis.com/en-us/blog/posts/serpent-pretends-be-octopus-new-step-zyklon-ransomware-evolution

Monday, 7 August 2017

Spora Ransomware Analysis



Similar to Cerber (Ferber) ransomware, Spora has its own intricate encryption file format and does not encrypt the whole file. The encryption block size varies depending on a file size.

Read our analysis of Spora ransomware for Acronis https://www.acronis.com/en-us/blog/posts/spora-gets-update-youre-safe-acronis-active-protection