Ransomware and Malware Sandboxing

Author

Byron DenhamFollow

Date of Graduation

5-2022

Document Type

Thesis

Degree Name

Bachelor of Science

Degree Level

Undergraduate

Department

Computer Science and Computer Engineering

Advisor/Mentor

Thompson, Dale

Committee Member/Reader

Li, Qinghua

Committee Member/Second Reader

Panda, Brajendra

Abstract

The threat of ransomware that encrypts data on a device and asks for payment to decrypt the data affects individual users, businesses, and vital systems including healthcare. This threat has become increasingly more prevalent in the past few years. To understand ransomware through malware analysis, care must be taken to sandbox the ransomware in an environment that allows for a detailed and comprehensive analysis while also preventing it from being able to further spread. Modern malware often takes measures to detect whether it has been placed into an analysis environment to prevent examination. In this work, several notable pieces of ransomware were placed into sandbox environments to discover how they might obfuscate themselves for evading analysis and to determine ways they propagate. The goal of the work is to identify and understand these how these obfuscation and propagation techniques function in a sandbox, so that mitigation methods can be developed.

Keywords

ransomware, sandboxing, malware, analysis environment, Wannacry, Cryptolocker

Citation

Denham, B. (2022). Ransomware and Malware Sandboxing. Computer Science and Computer Engineering Undergraduate Honors Theses Retrieved from https://scholarworks.uark.edu/csceuht/98