Over the last 12 months, ransomware has rapidly become one of the most prevalent information security threats to organisations of every size, as well as to individual consumers. It is a highly lucrative opportunity for criminals and is claiming a growing list of victims. Indeed, at Cyberis, we have experienced a significant upward trend in incident response services and requests for our advice due to ransomware events.
A common technique when performing dynamic analysis of potential malware is to actually run it in an isolated virtual machine. I've written two scripts in Perl that serve as a fake DNS server and a basic web server.
It is surprisingly easy to protect against the majority of malware infections on a Windows host, and contrary to popular belief, installing antivirus is not the best solution.
I want to try to keep this blog fairly high-level to allow non-techies to benefit from the protection, so the technical detail is shown in italics. The guide is focused on Windows XP, though any modern Microsoft operating system will be very similar (on Windows 7, consider using AppLocker rather than SRP).