The Risen ransomware is the malware behind the encryption of multiple files and the demand for a cryptocurrency payment to unlock them.
The first step in analysing this ransomware is to reverse engineer it with IDA, a powerful disassembler and debugger.
The goal is to identify which function is used to create and open files, as this will help us find the correct answer to the challenge.
Once that function is identified, we need to look into the malware’s behaviour when it initialises a critical section and investigate which file it aims to open.
This is a crucial step in understanding the ransomware’s functionality and figuring out ways to mitigate it.
This investigation and others will help you gain deeper insight into the behaviour of the malware and its vulnerabilities. The ransomware has encrypted the files and demands a ransom. You have to find a way to refuse the ransom and recover the files. This may include removing the ransomware.