Course Description

Ransomware Analysis is a comprehensive course designed to equip malware analysts and cybersecurity professionals with the essential knowledge and skills needed to understand, analyze, and decrypt ransomware. Ransomware poses a significant threat to organizations and individuals alike, often leading to data encryption and extortion demands. This course delves deep into the mechanisms behind ransomware, exploring various encryption techniques, Windows Crypto APIs, system enumeration, and file manipulation. Participants will gain hands-on experience through practical exercises and labs, enabling them to dissect ransomware samples, identify encryption algorithms, extract encryption keys, and develop decryptors.

Pricing Options

Kindly choose the enrollment pricing option that suits you best. If you're enrolling as a group or need a custom plan, please contact us. We're here to help!

  • Ransomware Analysis 101

    Course Material + 40 hours of virtual lab access

    $100.00

  • Ransomware Analysis 101

    Course Material - No virtual lab access

    $50.00


Course Curriculum

  • 01

    Required Files

    • Required Files

  • 02

    Introduction

    • Introduction

    • The Most Prolific Ransomware Families

    • Exercise #1

  • 03

    Encryption Algorithms

    • Encryption Algorithms

    • What is Encoding?

    • Symmetric Encryption Algorithms - XOR

    • Exercise #2

    • Symmetric Encryption Algorithms - Caesar Cipher

    • Exercise #3

    • Symmetric Encryption Algorithms - RC4

    • Exercise #4

    • Symmetric Encryption Algorithms - AES

    • Exercise #5

    • Asymmetric Encryption Algorithms

  • 04

    Windows Crypto APIs

    • Windows Crypto APIs and How to Analyze Them

    • Exercise #6

  • 05

    Windows Internet APIs

    • Windows Internet APIs

    • Exercise #7

    • Lab #1

    • Lab #1 - Solutions

  • 06

    Ransomware Helper APIs

    • Ransomware Helper APIs

    • System Enumeration APIs

    • File Manipulation APIs

    • Exercise #8

    • Exercise #9

  • 07

    Decrypting Ransomware?!

    • Can We Decrypt Ransomware?!

    • Exercise #10

    • Exercise #11

  • 08

    Hands-on Labs

    • Lab #2

    • Lab #2 - Solutions

    • Lab #3

    • Lab #3 - Solutions

    • Lab #4

    • Lab #4 - Solutions

    • Lab #5

    • Lab #5 - Solutions

Learning Outcomes

After completing this course, you will be able to:

  • Understand the fundamental concepts of ransomware and its impact on organizations and individuals.

  • Differentiate between different encryption types.

  • Identify various encryption algorithms commonly used in ransomware.

  • Gain proficiency in analyzing Windows Crypto APIs and discerning their role in ransomware encryption processes.

  • Analyze sample ransomware using static and dynamic analysis techniques to extract encryption keys and understand encryption algorithms.

  • Explore the use of Windows Internet APIs in ransomware and develop strategies for analyzing ransomware communication with remote servers.

  • Investigate system enumeration APIs and file manipulation APIs utilized by ransomware for identifying and encrypting target files.

  • Develop decryptors for ransomware samples by reverse-engineering encryption processes, extracting encryption keys, and reversing encryption algorithms.

Technical Requirements

For the hands-on labs in this course, you will need:

  • Internet Connection

  • Workstation with at least 16GB RAM and 100GB Disk Space

  • Operating System (Windows or Linux)

  • VirtualBox or VMware (hypervisor)
