Jump to content
Nytro

How (and why) we defeated DIRCRYPT

By Nytro, in Reverse engineering & exploit development

Recommended Posts

Nytro Mentor

Nytro

Posted
Posted

HOW (AND WHY) WE

DEFEATED DIRCRYPT

DirCrypt is a particularly nasty variant of ransomware. In addition to encrypting most

of the user’s files and demanding ransom for their decryption, the malware stays

resident in the system, and immediately encrypts any new file which is created or

saved. Therefore, the user is completely prevented from using the computer normally.

The normal advice to victims of ransomware is to recover files from some previous

backup. If there isn’t a backup, the victims are given the option of either accepting the

loss of their data—or paying the attacker. However, Check Point’s Malware Research

Team has found that in the case of DirCrypt, victims of the malware can recover almost

all of their data, due to several weaknesses in the way the malware implements its

crypto functionality.

Download: http://www.checkpoint.com/download/public-files/TCC_WP_Hacking_The_Hacker.pdf

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...