Over the past year, a major change in tactics employed by ransomware adversaries has been to exfiltrate data from the victim's environment. This data then serves as the material for an extortion threat on top of the ransom for encrypted data, and has become a common tactic by most major ransomware families. To support this tactic, some ransomware operators have added a specific type of malware to perform this exfiltration to their intrusion set.
During this webinar, Rob Simmons, Independent Malware & Threat Researcher at ReversingLab, will analyze a ransomware sample that performs data exfiltration in his malware lab. Rob will show how the malware uploads a set of files from the victim's computer to command and control servers, how to identify anti-analysis behavior, and then how to hunt for related variants of the same malware.