Question: ransomware programs contact their home sites to request a key which they then use to encrypt your data. You then have to pay the hackers to get a copy of the key to decrypt your data. How can we use this setup to test for ransomware if DNS requests never make it pass the Remnux VM?
Have you done this test yet? Curious if the encryption never starts or if the ransomware just encrypts with any random key? It's not like they care about person's data. They might just end all forms of communication to the victim once the payment is made
@@ShantanuBaviskar I experienced this once with a client whose office was infected by ransomware. The virus made its way onto the entire network via an infected USB stick from an employee. First thing the virus did was to contact the hacker's server to request a key which it then used to encrypt all the files on the server. It even encrypted the backup files (this was just before the advent of cloud backup). The ONLY WAY to retrieve the data was to pay off the hackers, they wanted something like 2,000 Euros but I negotiated them down to about 700. They were surprisingly polite and accommodating, but then again this was when ransomware first became a thing a couple of years ago. The minute we paid them in bitcoins, they emailed us the decryption key. After entering the key in the ransomware exe, it immediately decrypted all our files. As I understand it though, if the ransomware exe can't reach its home server for an encryption key, then it simply ends itself because it can't encrypt your files without a key. That's why the first thing to do if you think you've been infected by ransomware is to IMMEDIATELY disconnect the internet connection.
Your network's logical name won't be enp0s3. type "sudo lshw -C network" to find your netowrk's logical name. So in the video, everytime you see enp0s3, replace it with that. In my case, it was actually ens33. *Please pin it or like it so more people will see.*
@rootkits I am testing hacking programs like RATs. My home router doesn’t have a VLAN option. So how can I make my VMWARE isolated from the host and networks but still having internet connection?
how do i type in remnux? im pressing keys tried soft keyboard clicked on the remnux command terminal thing , went full screen but yet nothing worked. Can you help?
When I open remnux from virtualbox, I get an error: "oh no something has gone wrong" "A problem has occurred and the system can't recover" Any solution for this?
Sir thank you for the vid. For ransomware this would not work right? since it has to be connected to the internet to retrieve the keys. What would be your recommendation in such a case?
Please show us how you actually download the malware samples. I've seen so many mixed messages for the best way to do this. Shared folders make me uncomfortable. Do you download the samples using a VM with internet access and then remove the network adapter and then analyse the malware with no internet connection? Is there no risk of downloading it first with internet enabled or is it relatively safe as long as the executable is not ran?
Good question, I agree that connections with your host machine whether direct or indirect can be scary. What I would recommend is to create a snapshot (backup image) of the vm state where there is internet access - (during this point you should also download the samples on the vm) and then another snapshot directly afterwards, with no internet access. So essentially, whenever you need to download a new sample, you can revert back to an older snapshot instantly where your vm has internet access, and then you can download a new sample, disable internet, and run the malware.
@@xrootkits Thanks, you could also clarify for others that most malware samples are compressed and password protected so there usually isn't a direct threat until you extract the sample from archive. Even then, the files in the archive have their file extension removed or changed to something so the .exe is not activated upon opening it.
@@BorisJohnsonMayor You're welcome, and yeah that is completely true, I actually made a video on theZoo a while back on my tiktok, one of my first videos actually
Hello could you please tell where you downloaded the malware sample from that you ran in the video ? Would it possible for you to share it? I need it for a malware analysis demonstration for educational purposes.
