Tuesday 31 July 2018

VB2018: Artificial intelligence to assist with ransomware cryptanalysis

It's always very exciting for me to be able to attend and, moreover, speak at the Virus Bulletin Conference. Because, it is the oldest and the most respectful antivirus conference that has been running since 1991 where cybersecurity experts from academia and industry gather to share their ideas, research, and forecasts. You can meet the researches who helped to boost the antivirus industry decades ago and are now the core of the antivirus community.

This year in Montreal, we'll present an academic research conducted by my master student Kateryna Vitiuk under my supervision and devoted to Cryptanalysis of ransomware with the help of Artificial Intelligence.

When analyzing ransomware, we often see the hardcoded implementation of the AES, RC4, Salsa20 algorithms, for example in TeslaCrypt, Locky, GlobeImposter, MoneroPay ransomware. The ciphers' code can be poorly detected in the ransomware's memory dumps using the signature-based approach using Krypto ANALyzer (KANAL) for PEiD tool and publicly available Yara rules. Therefore, we assumed that it is possible to use the smart pattern matching method to find the known crypto primitives in the ransomware's disassembled code.

See also: