In our latest episode of Attack Surface, I sit down with Director of Cyber Operations, Wesley McGrew, to discuss reverse engineering ransomware. McGrew discusses the benefits of reverse engineering in advanced penetration testing, digital forensics, and incident response. As he noted in a previous blog post, reverse engineering can answer the following questions for an organization in the wake of an attack:
- How did the attackers compromise the target system?
- Did the attack specifically target the impacted organization?
- Were the attackers seeking specific data, or were they taking command of the organization's computing resources?
- Are the attackers a known nation-state or organized crime threat group?
- From the capabilities of the malware, exactly what records were compromised?
In this podcast, McGrew expands on the last bullet point by discussing ways in which reverse engineering can determine a ransomware's unique design elements and capabilities. Listen in to learn more: