“RIPlace” - Does It Make Ransomware Unstoppable?

Presented by

Nir Gaist, Founder and CTO of Nyotron

About this talk

Remember WannaCry - the ransomware attack that two years ago infected Windows devices across 150 countries and resulted in an estimated damage of $4B?. We now know that WannaCry was completely preventable. Microsoft had issued a patch two months prior to the attack. If you think WannaCry was bad, brace yourself: We have discovered a technique that attackers may use to deliver ransomware that most organizations have no way to detect or prevent. This webinar will cover a Windows evasion technique called “RIPlace” that, when used to maliciously alter files, bypasses most existing ransomware protection technologies. In fact, even Endpoint Detection and Response (EDR) products are blind to this technique, which means these operations will not be visible for future incident response and investigation purposes. The technique leverages an issue at the boundary between a Windows design flaw and improper error handling of an edge-case scenario by filter drivers of security products. While not a vulnerability per say, the technique is extremely easy for malicious actors to take advantage of with barely two lines of code. RIPlace abuses the way file rename operations are (mis)handled using a legacy Windows function. We will review existing ransomware detection methods, the workflow of a typical ransomware and provide a live demo of RIPlace bypassing a number of anti-ransomware technologies. Presenter: Nir Gaist, Founder and CTO of Nyotron. Nir Gaist is a recognized information security expert and ethical hacker. He has worked with some of Israel’s largest public and private sector organizations, such as the Israeli Police, the Israeli parliament and Microsoft’s Israeli headquarters. He also wrote cybersecurity curriculum for the Israel Ministry of Education. Nir holds patents for the creation of a programming language called Behavior Pattern Mapping (BPM) that enables monitoring of the integrity of the operating system behavior to deliver threat-agnostic protection.

Related topics:

More from this channel

Upcoming talks (11)
On-demand talks (1835)
Subscribers (188399)
This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.