Open Access

ARTICLE

A User-friendly Model for Ransomware Analysis Using Sandboxing

Akhtar Kamal¹, Morched Derbali², Sadeeq Jan^1,*, Javed Iqbal Bangash³, Fazal Qudus Khan², Houssem Jerbi⁴, Rabeh Abbassi⁴, Gulzar Ahmad⁵

1 Department of Computer Science & Information Technology, National Center for Cyber Security, University of Engineering & Technology, Peshawar, 25120, Pakistan
2 Department of Information Technology, Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah, 21589, Saudi Arabia
3 Institute of Computer Sciences and Information Technology (ICS/IT), University of Agriculture, Peshawar, 25130, Pakistan
4 Department of Industrial/Electrical Engineering, College of Engineering, University of Ha’il, Hail, 1234, Saudi Arabia
5 Department of Electrical Engineering, University of Engineering & Technology, Peshawar, 25120, Pakistan

* Corresponding Author: Sadeeq Jan. Email:

Computers, Materials & Continua 2021, 67(3), 3833-3846. https://doi.org/10.32604/cmc.2021.015941

Received 15 December 2020; Accepted 17 January 2021; Issue published 01 March 2021

Abstract

Ransomware is a type of malicious software that blocks access to a computer by encrypting user’s files until a ransom is paid to the attacker. There have been several reported high-profile ransomware attacks including WannaCry, Petya, and Bad Rabbit resulting in losses of over a billion dollars to various individuals and businesses in the world. The analysis of ransomware is often carried out via sandbox environments; however, the initial setup and configuration of such environments is a challenging task. Also, it is difficult for an ordinary computer user to correctly interpret the complex results presented in the reports generated by such environments and analysis tools. In this research work, we aim to develop a user-friendly model to understand the taxonomy and analysis of ransomware attacks. Also, we aim to present the results of analysis in the form of summarized reports that can easily be understood by an ordinary computer user. Our model is built on top of the well-known Cuckoo sandbox environment for identification of the ransomware as well as generation of the summarized reports. In addition, for evaluating the usability and accessibility of our proposed model, we conduct a comprehensive user survey consisting of participants from various fields, e.g., professional developers from software houses, people from academia (professors, students). Our evaluation results demonstrate a positive feedback of approximately 92% on the usability of our proposed model.

---

Keywords

---