Ransomware Reconnaissance: Interrogating Certificates Towards Proactive Threat Mitigation

“Got Root?” Presented herewith is an innovative approach to ransomware defence by interrogating the security certificate chain pertaining to modern website security. It is a proactive strategy to scrutinise the online resources prior to download for assessment of likelihood that ransomware may be present as a result of inconsistencies between the URL and its security certificate. OpenSSL is employed for interrogating certificate attributes, including characteristics such as domain mismatch and revocation status, through the systematic approach of certificate retrieval, parsing and validation. Whilst not a ‘silver bullet solution’ to the wider realm of ransomware attacks, this study presents a nuanced approach to suspicion detected under certificate-related vulnerabilities at a preemptive and reconnaissance stage of hazard - a necessary basis for any subsequent cyber security investigation.