
Forensic Analysis of a Ransomware
Author(s) - Animesh Kumar Agrawal, Sumit Sah, Dr Pallavi Khatri
Publication year - 2020
Publication title - International Journal of Innovative Technology and Exploring Engineering
Language(s) - English
Resource type - Journals
ISSN - 2278-3075
DOI - 10.35940/ijitee.c8385.019320
Subject(s) - ransomware, malware, computer security, cryptovirology, computer science, malware analysis
In the present digital world, malware is the most potent weapon. Malware, especially ransomware, is used in security breaches on a large scale, leading to huge losses of money and critical information for big firms and government organisations. To counter future ransomware attacks, it is necessary to carry out a forensic analysis of the malware. This experiment proposes a manual method for dynamic malware analysis so that security researchers or malware analysts can easily understand the behaviour of the ransomware and implement a better solution for reducing the risk of malware attacks in future. The experiment used Volatility, Regshot and the FTK Imager Lite forensics toolkit in a safe virtual environment. The forensic analysis of the ransomware is done in a virtual setup to prevent any infection of the base machine and to allow detailed analysis of the malware's behaviour under different conditions. Malware analysis is important because behavioural analysis helps in developing better mitigation techniques, thereby reducing infection risks. The research can prove effective in the development of a ransomware decryptor that can be used to recover data after an attack has encrypted the files.