Ananlysis of TaRRaK Ransomware
First, the ransomware attempts to read a file to memory using File.ReadAllBytes(). This function has an internal limit – of a maximum of 2 GB. In case the file is larger, the function throws an exception, which is then handled by the try-catch block.