Forensic Analysis of Windows-based Ransomware Attacks
This dashboard is part of a student research project and case study. It demonstrates the Command & Control (C2)
infrastructure of a simulated ransomware attack for educational and analytical purposes.
Theory
Ransomware Lifecycle
Understanding the standard phases of an attack:
- Distribution: Delivery via phishing, exploit kits, or RDP.
- Infection: Execution and persistence mechanisms.
- Communication: C2 contact for key exchange (simulated here).
- Encryption: File locking and key generation.
- Extortion: Ransom note display and payment demand.
Methods for Ransomware Analysis
- Static Analysis: Examining code without executing it (decompilation, signature matching).
- Dynamic Analysis: Running malware in a sandbox to observe behavior.
- Memory Forensics: Extracting keys or artifacts from RAM.
Implementation: Case Study
This project demonstrates a complete attack and defense cycle:
- Image Copy Process: Creating forensic images of infected systems.
- Detection: Identifying network beacons (this dashboard) and file system anomalies.
- Behavior Analysis: Observing the "Hidden Tear" variant in a controlled environment.
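The detection step above flags C2 network beacons. The following is an added example, not part of the project's dashboard code, of how a defender can spot beaconing in connection logs: connections from one host to one destination at nearly constant intervals are scored by the coefficient of variation of their inter-arrival times. The log format, the hosts and the thresholds are constructed for illustration.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample connection log (not real traffic): timestamp, source, destination.
# 203.0.113.10:443 is contacted roughly every 60 s; 198.51.100.7:80 is irregular browsing.
SAMPLE_LOG = """\
2024-01-15T10:00:00 10.0.0.5 -> 203.0.113.10:443
2024-01-15T10:00:03 10.0.0.5 -> 198.51.100.7:80
2024-01-15T10:01:00 10.0.0.5 -> 203.0.113.10:443
2024-01-15T10:02:01 10.0.0.5 -> 203.0.113.10:443
2024-01-15T10:02:40 10.0.0.5 -> 198.51.100.7:80
2024-01-15T10:03:00 10.0.0.5 -> 203.0.113.10:443
2024-01-15T10:04:00 10.0.0.5 -> 203.0.113.10:443
2024-01-15T10:09:12 10.0.0.5 -> 198.51.100.7:80
"""

LINE_RE = re.compile(r"^(\S+) (\S+) -> (\S+)$")


def parse_log(text):
    """Group connection timestamps by (source, destination) pair."""
    flows = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than failing the whole run
        ts, src, dst = m.groups()
        flows[(src, dst)].append(datetime.fromisoformat(ts))
    return flows


def beacon_candidates(flows, min_conns=4, max_jitter=0.2):
    """Return flows whose inter-connection gaps are nearly constant.

    Jitter is stdev/mean of the gaps (coefficient of variation). Scheduled
    C2 check-ins cluster near zero; human browsing is far more irregular.
    The thresholds are assumptions and should be tuned per environment."""
    hits = []
    for (src, dst), times in flows.items():
        if len(times) < min_conns:
            continue  # too few connections to judge periodicity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        jitter = statistics.pstdev(gaps) / mean
        if jitter <= max_jitter:
            hits.append({"src": src, "dst": dst, "count": len(times),
                         "interval_s": round(mean, 1), "jitter": round(jitter, 3)})
    return hits


if __name__ == "__main__":
    for hit in beacon_candidates(parse_log(SAMPLE_LOG)):
        print(hit)
```

Real beacons add random sleep jitter, so the threshold is a starting point for triage, not a verdict; correlate hits with process and file-system artifacts before acting.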