1
00:00:06,540 --> 00:00:11,400
In this section we will take the techniques that we learned during the analysis section and apply them

2
00:00:11,400 --> 00:00:17,840
to a real-life ransomware case. The malware we will be looking at is Simplocker.

3
00:00:17,990 --> 00:00:23,720
This is a standard ransomware sample that prompts the victim with a warning screen telling them to pay

4
00:00:23,720 --> 00:00:25,520
a ransom to restore the device.

5
00:00:26,890 --> 00:00:33,450
In the background, Simplocker encrypts the files on the device storage. By reverse engineering the malware

6
00:00:33,450 --> 00:00:34,080
sample,

7
00:00:34,080 --> 00:00:39,060
we hope to obtain a good understanding of how the files are being encrypted.

8
00:00:39,070 --> 00:00:44,740
This will allow us to create a decryption tool that decrypts the encrypted files.

9
00:00:44,740 --> 00:00:49,810
The goal here is to use the knowledge gained in the previous sections and apply it to a real-life

10
00:00:49,840 --> 00:00:50,680
use case.

11
00:00:52,180 --> 00:00:57,450
We will start off by showing a report generated during the automated analysis of the malware sample.

12
00:00:58,730 --> 00:01:04,530
Then we will run the malware sample on our emulator in order to observe the behavior.

13
00:01:04,560 --> 00:01:10,620
Next we will apply static analysis techniques to the sample in order to obtain the necessary information

14
00:01:10,650 --> 00:01:16,740
that could lead to decryption, and finally we will create a decryption tool that will restore the encrypted

15
00:01:16,740 --> 00:01:18,150
files on our device.