Hello Rob,

On 02.06.2021 at 21:19, Rob Berendt <rob@xxxxxxxxx> wrote:

> The point of this library was to test encrypting objects. Therefore encrypting them to test encryption is necessary.

No. Somewhat simplified, what ransomware does is an open() on the file; it reads it somehow, maybe closes it again or does a seek() to the file's beginning, and then write()s the encrypted data. The encryption is done within the EXE of the ransomware.

This has *nothing* to do with what Windows offers for encryption.

Open (but irrelevant in this thread's context) questions: Does encryption take place in memory only? How is the file handling really done? What does the ransomware do when the file size + encrypted size > available RAM + swap? …

:wq! PoC
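
As an added illustration that is not part of the original post: the open, read, seek and write-back sequence described above is the pattern file-activity monitoring keys on. This Python sketch flags processes that overwrite files they have just read with high-entropy data; the event tuple format, PIDs, paths and thresholds are constructed assumptions.

```python
import math
from collections import Counter, defaultdict
from hashlib import shake_256

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; close to 8.0 for encrypted or compressed data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def flag_in_place_rewrites(events, min_files=3, threshold=7.0):
    """Return the PIDs that read a file and then wrote high-entropy data
    back to the same path, for at least min_files distinct paths."""
    read_paths = defaultdict(set)  # pid -> paths the process has read
    rewritten = defaultdict(set)   # pid -> paths read, then overwritten
    for pid, op, path, data in events:
        if op == "read":
            read_paths[pid].add(path)
        elif op == "write" and path in read_paths[pid]:
            if shannon_entropy(data) >= threshold:
                rewritten[pid].add(path)
        # open/seek/close carry no payload and are ignored here
    return {pid for pid, paths in rewritten.items() if len(paths) >= min_files}

def constructed_blob(seed: str) -> bytes:
    """Deterministic stand-in for ciphertext (constructed test data)."""
    return shake_256(seed.encode()).digest(4096)

TEXT = b"Quarterly report draft, revision 2.\n" * 100  # constructed plaintext

# Constructed trace: (pid, operation, path, payload or None)
SAMPLE_EVENTS = [
    # pid 100: an editor saving plain text over a file it read
    (100, "read", "/home/a/report.txt", None),
    (100, "write", "/home/a/report.txt", TEXT),
    # pid 200: a backup job; high-entropy output goes to a new path
    (200, "read", "/home/a/report.txt", None),
    (200, "read", "/home/a/notes.txt", None),
    (200, "read", "/home/a/plan.txt", None),
    (200, "write", "/backup/a.tar.gz", constructed_blob("archive")),
]
# pid 300: the read, seek to start, overwrite pattern from the post
for name in ("report.txt", "notes.txt", "plan.txt"):
    p = "/home/a/" + name
    SAMPLE_EVENTS += [(300, "open", p, None), (300, "read", p, None),
                      (300, "seek", p, None),
                      (300, "write", p, constructed_blob(name)),
                      (300, "close", p, None)]

if __name__ == "__main__":
    print(sorted(flag_in_place_rewrites(SAMPLE_EVENTS)))
```

Legitimate in-place compression or encryption tools produce the same signature, so a hit is a triage signal rather than a verdict.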



This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
