Ransomware Case Study: Discovering CovidLock

  • Date 20 Oct 2020

20 Oct 2020, 12:00 - 12:25

Technology Showcase

Since the initial outbreak of COVID-19, cybercriminals have found many ways to take advantage of anxious and fearful users. There have been reports of TrickBot campaigns, Ryuk ransomware targeting hospitals, and hackers hijacking routers’ DNS to spread malicious COVID-19 apps. The DomainTools Security Research Team recently discovered a website luring users into downloading an Android application under the guise of a COVID-19 heat map.

This session will demonstrate how to proactively identify these types of campaigns and provide defenders with strategies to keep themselves and their organisation safe. Join Chad Anderson and Tarik Saleh to walk through the entire process of identifying a nefarious domain, mapping connected infrastructure, and reverse-engineering a ransomware attack.

4 Benefits for Delegates:

  1. Learn how the domain that lured users into downloading a nefarious Android application was initially discovered
  2. See how mapping connected infrastructure led to additional IoCs and attribution
  3. Discover how the security researchers conducted ransomware analysis and reverse-engineered the decryption key
  4. Understand how to proactively identify these campaigns and stay a step ahead of threat actors

Presented by: Chad Anderson, Senior Security Researcher, DomainTools
                     Tarik Saleh, Senior Security Engineer and Malware Researcher, DomainTools


Business Issues

  1. Business Issues Covered
    • Understand internal and external threats and keep a business secure