Ransomware Identification Through Sandbox Environment

ABSTRACT

Latin America suffered more than 41 billion attempted cyberattacks in 2020, as the COVID-19 pandemic generated remote working, setting conditions for cybercriminals to exploit vulnerabilities in corporate computer networks. The general objective of this research was to implement sandbox technology to protect against ransomware attacks in a local network of a financial institution. The implementation of Sandbox technology was developed with opensource software. To this end, a server with sandbox technology was implemented and configured to manage all operations performed by customers. A test lab was implemented with five machines in a virtualized environment. Five types of ransomware were collected and downloaded from the tutorialjinni page, executed in the test lab and analyzed by Cuckoo Sandbox, the latter reported that of the five ransomware injected, 100% were detected and successfully isolated, using on average 0.89 Gb of ram memory and with an average time of 123.6 s, which demonstrated that Cuckoo Sandbox is effective and optimal in utilizing hardware resources, thus contributing to the perimeter security of the computer network. © 2023, The Author(s), under exclusive license to Springer Nature Switzerland AG.