Date of Graduation


Document Type


Degree Name

Bachelor of Science

Degree Level



Computer Science and Computer Engineering


Thompson, Dale

Committee Member/Reader

Li, Qinghua

Committee Member/Second Reader

Panda, Brajendra


The threat of ransomware that encrypts data on a device and asks for payment to decrypt the data affects individual users, businesses, and vital systems including healthcare. This threat has become increasingly more prevalent in the past few years. To understand ransomware through malware analysis, care must be taken to sandbox the ransomware in an environment that allows for a detailed and comprehensive analysis while also preventing it from being able to further spread. Modern malware often takes measures to detect whether it has been placed into an analysis environment to prevent examination. In this work, several notable pieces of ransomware were placed into sandbox environments to discover how they might obfuscate themselves for evading analysis and to determine ways they propagate. The goal of the work is to identify and understand these how these obfuscation and propagation techniques function in a sandbox, so that mitigation methods can be developed.


ransomware, sandboxing, malware, analysis environment, Wannacry, Cryptolocker