Royal Rumble: Analysis of Royal Ransomware:
In today’s landscape, the race between detection engineers and malware authors keeps evolving. The ransomware scene is no different.
In our talk, we will show how the Royal ransomware authors took multiple approaches to win this race, and how we as safety researchers must adapt to detect it.
We will start by walking through the threat intel aspect of the group, explaining how the ransomware itself is being deployed, which actors are associated with the royal group, and which malware is taking part of the full ellipse of the Royal ransomware operation.
Next, we will dig deep into the ransomware binary itself and display the full reverse engineering of the Royal ransomware payload. We will show how the ransomware operates from a code perspective, from the beginning until the encryption yet occurs.
In our talk, we will emphasize the fresh trend of “partial encryption” and how it took over as the main method of evasion in the ransomware landscape. We will show how Royal ransomware took this approach to the next level by allowing the ransomware operator to choose the encryption percent of the targeted files.
We will talk about the challenges of anti-ransomware products in dealing with the concept of partial encryption and specifically the Royal ransomware approach, and besides elaborate on the approach and mindset needed to overcome this challenge.
We hope our talk will rise awareness of the hazard of being unprepared erstwhile this fresh wave of next generation ransomware arrives, and hopefully how we as the safety community can deal with this challenge.
https://confidence-conference.org/
![[#104] Wykorzystanie narzędzi BAS do wzmocnienia bezpieczeństwa - Piotr Kawa, Błażej Długopolski](https://i1.ytimg.com/vi/-wnYrwWZA38/maxresdefault.jpg)
![[#103] Jak regulacje determinują architekturę środowiska IT - Wojciech Wencel](https://i1.ytimg.com/vi/26Vr-y2G_xQ/maxresdefault.jpg)
