hjlbx
Thread author
Bromium: Understanding Crypto-Ransomware (PDF)
https://www.bromium.com/sites/default/files/bromium-report-ransomware.pdf
Despite having some advanced/technical code details, this report is easily understood - and therefore - useful to those interested in understanding the basics of ransomware.
For example:
"The most common mode of operation for crypto-ransomware droppers
is process injection. It is done by creating a suspended process (such as
explorer.exe or svchost.exe) and swapping the image with the unpacked
payload."
One can get the gist of ransomware mechanism(s).
If one is so inclined, there are good PDF ransomware reports by McAfee and Sophos as well. Just do an online search for "ransomware PDF."