Analysis of Ransomware Using Reverse Engineering Techniques to Develop Effective Countermeasures

Ransomware is the most severe threat to companies and organizations, snowballing daily. Ransomware comes in various types that are difficult for non-specialists to distinguish and evolve and change encryption techniques to avoid detection. Ransomware has become a worldwide incidence during the Corona pandemic and remote work, accountable for millions of dollars of losses annually; This malware threatens victims to lose sensitive data unless they pay a ransom, usually by encrypting the victims' hard drive contents until the ransom is paid. The study focused on literature reviews and publications issued by international organizations interested in ransomware analysis to build a strong background in this field. Used static analysis and reverse engineering methodology to investigate ransomware to understand its purpose, functionality, and effective countermeasures against it. Finally, after Dearcry and Babuk ransomware were analyzed, written the Yara rule to detect and suggested countermeasures against them to help cybersecurity professionals better understand the inner workings of real ransomware and develop advanced countermeasures against similar attacks in the future.