Análisis de un ataque Ransomware. Desarrollo del ransomware Gengar

Abstract

[en] Ransomware also known as digital extortion or digitalblackmail, are a kind of attack that denies access to personal information and other files stored in a device. In exchange for bringing back your data, the perpetrator asks for a financial ransom, through a ransom note. On the one hand, with this work I want to raise awareness and to study and to expose detailed information about what the ransomware is. It’s evolution, their anatomy, the types, the different families that currently exist and how we can appropriately prevent this type of threats. On the other hand, I have also wanted to see how this type of malware works from inside. To do this, I have written, from scratch, my own interpretation, named as Gengar, to explore the most advanced techniques that are used to compromise the security of systems, among others, like for example, to distribute the malware using Office macros, how to detect the execution on an isolated environments, among others. Through both parts, one a little more theoretical and the other more focused on developing the methods used by virus programmers (who are able to trick the different systems), I hope to be able to explain all the learnt stuff about the interesting world of cybersecurity, and about this kind of threat, that in recent years has been a real pain in the neck for too many companies of all sizes.