grep -rl "Ransomware" ./posts

#Ransomware

3 matches

DragonForce: Deep Reverse Engineering of the Ransomware Behind M&S and Co-op UK

Full technical analysis of DragonForce's Windows x86 encryptor: MinGW C++ with Salsa20 multi-mode encryption, BYOVD kernel driver EDR bypass (rentdrv2.sys + truesight.sys), WMI shadow copy deletion, Restart Manager file handle killing, IOCP network scanning, and COM-based scheduled task persistence.

2026-07-07 · 20 min

RansomHub: Deep Reverse Engineering of the #1 Active RaaS

Full technical analysis of RansomHub's Go-based Windows encryptor: garble package obfuscation, X25519+ChaCha20 encryption scheme, built-in SMB lateral movement using go-smb, IOCP parallel file encryption, and service recovery disruption.

2026-07-06 · 16 min

SafePay Ransomware: Deep Reverse Engineering of a LockBit 3.0 Fork

Assembly-level analysis of SafePay ransomware — a LockBit 3.0 derivative with a custom CRC-32 import resolver, triple-XOR string obfuscation, IOCP-driven parallel encryption, and NT-layer privilege escalation. Full API inventory recovered by cracking 130+ export hashes.

2026-07-05 · 16 min

← back to listing