tinyapps.org / blog

Stop ransomware process and dump memory to extract key

Anti Ransom v3 "creates a random decoy folder with many useless random documents (Excel, PDF) and then it monitors the folder waiting for changes. When a change is detected, AntiRansom tries to identify which process is responsible for the change and then stops it and dumps the process memory (hopefully the key or password that is being used by the ransomware is inside)".
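The decoy-folder monitoring step described above, as an added Python example (not Anti Ransom's own code). It assumes detection by polling the folder and comparing SHA-256 hashes against a baseline; identifying, stopping and dumping the responsible process is not covered, and the function names and the `.locked` extension are constructed for illustration.

```python
import hashlib
import secrets
import tempfile
from pathlib import Path

DECOY_EXTS = (".xlsx", ".pdf")  # document types the post mentions (Excel, PDF)


def create_decoys(folder: Path, count: int = 6, size: int = 4096) -> dict:
    """Fill folder with random-content decoy files; return {name: sha256} baseline."""
    folder.mkdir(parents=True, exist_ok=True)
    baseline = {}
    for i in range(count):
        path = folder / f"{secrets.token_hex(6)}{DECOY_EXTS[i % len(DECOY_EXTS)]}"
        data = secrets.token_bytes(size)
        path.write_bytes(data)
        baseline[path.name] = hashlib.sha256(data).hexdigest()
    return baseline


def snapshot(folder: Path) -> dict:
    """Hash every regular file currently in the decoy folder."""
    return {p.name: hashlib.sha256(p.read_bytes()).hexdigest()
            for p in folder.iterdir() if p.is_file()}


def diff_decoys(baseline: dict, current: dict) -> dict:
    """Compare a snapshot with the baseline; any non-empty list is an alert."""
    return {
        "modified": sorted(n for n in baseline if n in current and current[n] != baseline[n]),
        "deleted": sorted(n for n in baseline if n not in current),
        "created": sorted(n for n in current if n not in baseline),
    }


def simulate_and_detect() -> dict:
    """Constructed scenario: one decoy overwritten in place, one renamed with a new extension."""
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp) / "decoy"
        baseline = create_decoys(folder)
        names = sorted(baseline)
        (folder / names[0]).write_bytes(b"constructed overwrite")
        (folder / names[1]).rename(folder / (names[1] + ".locked"))
        changes = diff_decoys(baseline, snapshot(folder))
        return {k: len(v) for k, v in changes.items()}


if __name__ == "__main__":
    print(simulate_and_detect())  # counts of modified / deleted / created decoys
```

Because nothing legitimate should ever touch the decoy folder, any non-empty result from `diff_decoys` can be treated as a high-confidence alert.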

/windows | Jul 09, 2016
