2022
09.21

Trojan.Ransom.Ryuk.A ransomware looks for and executes DLLs in its current directory. Therefore, we can potentially hijack a DLL, execute our own code, and control and terminate the malware pre-encryption. Once loaded the exploit dll will check if the current directory is “C:WindowsSystem32” and if not, we grab our process ID and terminate. All basic tests were conducted successfully in a virtual machine environment.

No Comment.

Add Your Comment

You must be logged in to post a comment.