The Ransomware Protection Full Of Holes

Date: August 26, 2022

Time: 16:30

Track: Main Track

In the fall of 2017, in response to the WannaCry outbreak, Microsoft implemented Ransomware Protection in Windows 10 as a countermeasure. The basis of Windows Ransomware Protection is Controlled Folder Access, but this feature is full of holes, and many researchers have pointed out various flaws. However, Microsoft says that it is a defense-in-depth security feature and is not subject to bug bounties.

In 2021, Forbes published an article titled “Windows 10’s Ransomware Protection Is Effective for Protection” (although the title seems to have already changed). To show that the article was wrong, I decided to recheck, on Windows 11, my past research that injects a malicious DLL into File Explorer and encrypts files. It seems that Microsoft has secretly fixed this issue, and files could not be encrypted with my method. I was very frustrated, so I started looking for other holes in the Ransomware Protection and found a new ridiculous bypass method.

In this talk, I will show the previous bypass method, along with the new ridiculous bypass method, as well as remote attacks using other vulnerabilities, supported with demonstration videos.

Speakers

Security Researcher

Fujitsu

Soya Aoyama is a cyber security researcher at Fujitsu System Integration Laboratories Limited. Soya has been working for Fujitsu for more than 20 years as a Windows software developer, and has been developing NDIS drivers, Bluetooth profiles, WinSock applications, and more.

About seven years ago, Soya started security research, and mainly researches attacks using Windows DLLs. Soya has spoken at BSidesLV, GrrCON, ToorCon, DerbyCon, HackMiami, LeHack, BSidesSG and ROOTCON in the past. Soya is the founder and organizer of BSides Tokyo, and hosted the first BSides Tokyo in 2018.
