Our Scenarios
forensics, reverse

Moldova Ransomware Analysis

The National Bank of Cyprosa has been infected with ransomware and many computers have been affected, especially many of the laptops from the senior management. You have been called in to investigate the problem and to try and see if you can recover the encrypted files. As part of your investigation, you have been handed over a Windows machine which contains the sample ransomware. The the malware sample has been placed on the desktop in a password protected zip file called malware.zip (password: infected). The Bank’s incident response team has also already installed the tools you will need to perform the investigation and dotSpy will be your weapon of choice for this assignment. Remember, time is an issue and you only have 90 minutes to solve this case otherwise the files will be lost forver and you know..some of those managers do not have a back up. Good luck!