Dude, Where Are My Files? Reverse Engineering Ransomware

Abstract:

Join Mike Sikorski from the FLARE team as he dissects ransomware found by our Mandiant Investigators and iSIGHT Intel Analysts. Mike will discuss some of the most famous ransomware attacks in recent memory such as WannaCry and Petya. In the demo, he’ll show exactly how the FLARE team reverse engineers malware using a real-world sample.

About the FLARE team:

The FLARE team is an elite technical enclave of reversers, malware analysts, researchers, and teachers. Many FireEye groups leverage the FLARE team: iSIGHT Intel analysts track attack groups, Mandiant Services discover malware during incident response, FireEye-as-a-Service constantly discovers threats on client networks, and the Products team benefits from in-depth reversing to help improve detection capabilities. We provide technical training on malware analysis both privately and at conferences like Black Hat. Download our free tools for malware analysis like FLOSS, FakeNet-NG, and FLARE VM. Try taking on the Annual FLARE-On Challenge to test your reverse engineering skills!

About Michael Sikorski:

Michael Sikorski is a Senior Director and Founder of the FireEye Labs Advanced Reverse Engineering (FLARE) Team. He leads the team through his extensive experience in reverse engineering malware. He provides oversight to all research projects and manages the analysis process used by the team. Mike created a series of courses in malware analysis and teaches them to a variety of audiences including the FBI, NSA, and Black Hat. He is the co-author of the book “Practical Malware Analysis,” which is published by No Starch Press. Mike came to FireEye through its acquisition of Mandiant, where he worked for seven years. Prior to Mandiant, he worked for MIT Lincoln Laboratory and the National Security Agency. Mike is also an Adjunct Assistant Professor at Columbia University’s Department of Computer Science.