public/subjects/cybersecurity/malware/audit

General

Ask the students to explain how the ransomware work and the impact of it.

Is the student able to explain clearly what ransomware means?

Is the student able to explain clearly how he can bypass the Anti-Viruses?

Is the student able to explain clearly how his ransomware works?

Is the student able to explain clearly how his decrypting program works?

Check the Repo content

Files that must be inside your repository:

• Your program source code.

• a README.md file, Which clearly explains how to use the program.

Are the required files present?

Create an official Windows virtual machine and scan the student's ransomware in windows defender.

Does the program bypass the windows defender without any detection?

Scan the student's ransomware in virustotal.

Does the program bypass more than 80% of Security vendors in virustotal?

Create some files with random data in the machine and run the program.

Does the program change all files in the machine with the student extension(encrypt)?

Does the program add a text file with contact info and the encryption code (to recover the data)?

Imagine that they are your files and try to decrypt them without the help of the student.

Is there no way to decrypt the files?

Ask the student to create a decryption program by using the encryption code. Run the decryption program.

Do the files restore with their data?

Is the decryption program usage unique for each victim?