🎙️ Daniel Dahl

Talk Title: A Comprehensive Hybrid Analysis of Ransomware Behaviour


Abstract

Ransomware remains one of the most pressing cybersecurity threats, evolving rapidly in sophistication and impact.
In 2023 alone, ransomware accounted for over 70% of reported cyberattacks, targeting industries from healthcare to critical infrastructure.
Despite significant research and countermeasures, attackers continue to innovate — employing Ransomware-as-a-Service (RaaS), Big Game Hunting (BGH), and advanced evasion techniques to bypass detection.
Traditional defenses, often reliant on signature-based detection, struggle to keep pace.

This talk shares insights and experiences from Daniel’s bachelor’s project, which focused on analysing RansomHub and Medusa ransomware using a hybridised malware analysis framework.
The research integrates static, dynamic, network, and forensic analysis using automated malware analysis platforms to provide a holistic view of ransomware behaviour.

By examining real-world ransomware samples, the talk explores how different methodologies complement each other to uncover tactics, techniques, and procedures (TTPs) that might otherwise remain undetected.
Findings are mapped to the MITRE ATT&CK framework, bridging the gap between technical malware analysis and practical defensive strategy.

The presentation offers an engaging and accessible introduction to malware analysis, aimed at both newcomers and those with experience.
Attendees will walk away with a deeper understanding of ransomware operations, the value of hybrid analysis, and how to enhance detection and response using combined analytical techniques.

Bio

Daniel Dahl is a Digital Forensics student at Noroff University College and a part-time SOC analyst at Netsecurity.
With a background as an electrician and a passion for problem-solving, he transitioned into cybersecurity to challenge himself in new ways.

He’s deeply curious about everything from forensic investigation to incident response and malware, and is currently writing his thesis on ransomware behaviour using a hybridised analysis framework.
As part of the Rookie Track, Daniel brings a fresh perspective from someone actively learning and working in the field.
When he’s not studying or working, he’s likely tinkering, exploring new tools, or diving into the evolving world of cyber threats.
