IR Challenge

The author of this challenge presents us with a virtual machine that has been compromised by ransomware.

There are five stages starting by finding hidden files left on the machine, uncovering how the ransomware was placed on the machine, making sense of the obfuscated PowerShell script, identifying the exfiltration site, and reversing the malware’s encryption.