Ransomware and Malware Sandboxing

The threat of ransomware that encrypts data on a device and asks for payment to decrypt the data affects individual users, businesses, and vital systems including healthcare. This threat has become increasingly more prevalent in the past few years. To understand ransomware through malware analysis, care must be taken to sandbox the ransomware in an environment that allows for a detailed and comprehensive analysis while also preventing it from being able to further spread. Modern malware often takes measures to detect whether it has been placed into an analysis environment to prevent examination. In this work, several notable pieces of ransomware were placed into sandbox environments to discover how they might obfuscate themselves for evading analysis and to determine ways they propagate. The goal of the work is to identify and understand how these obfuscation and propagation techniques function in a sandbox, so that mitigation methods can be developed.