guardicore / monkey

Infection Monkey - An open-source adversary emulation platform
https://www.guardicore.com/infectionmonkey/
GNU General Public License v3.0

Ransomware: partial file encryption #3100

Closed shreyamalviya closed 2 months ago

shreyamalviya commented 1 year ago

According to this report, the Royal ransomware has a unique file encryption program that only encrypts a specific percentage of data in a file, which helps evade detection.

This would be a good addition to our ransomware payload.

Questions to answer:

  1. What kind of encryption algorithm(s) can we use this with?
  2. What kind of encryption algorithm(s) can we safely use this with?
  3. Do we need a minimum percentage value?
  4. What should the recommended percentage value be? At what percentage would most security solutions be triggered?

cakekoa commented 2 months ago

Moved to guardicode/ransomware-payload#3