Researchers from the University of Bologna and the University of Cagliari have developed SAFARI, a scalable, air-gapped framework designed to automate ransomware investigation. The team, led by Tommaso Compagnucci and Franco Callegati, has created an open-source tool that enables safe, efficient, and collaborative analysis of ransomware behaviour and mitigation strategies.
Ransomware remains a persistent and evolving threat to both individuals and organisations, necessitating advanced tools for understanding its mechanisms and evaluating defensive measures. SAFARI addresses this need by providing a secure, isolated environment for controlled ransomware execution and analysis. The framework leverages virtualisation, Infrastructure-as-Code, and OS-agnostic task automation to create reproducible experiments, ensuring that researchers can safely study ransomware without risking contamination of their primary systems.
The researchers demonstrated SAFARI’s capabilities through two case studies. In the first, they analysed five well-known ransomware strains, including WannaCry and LockBit, to identify encryption patterns and file targeting strategies. This analysis provided valuable insights into how these ransomware variants operate, which is crucial for developing effective countermeasures. The second case study evaluated Ranflood, a contrast tool designed to mitigate ransomware attacks, against three dangerous strains. The results highlighted the effectiveness of Ranflood and underscored the potential of SAFARI as a tool for advancing ransomware research and defence development.
By democratising access to safe ransomware investigation tools, SAFARI fosters collaborative efforts among researchers, cybersecurity professionals, and defence organisations. The framework’s scalability and automation features make it a powerful asset in the ongoing battle against ransomware, enabling faster and more accurate analysis of emerging threats. As ransomware attacks continue to evolve, tools like SAFARI will play a critical role in enhancing our understanding of these threats and developing robust defence strategies. Read the original research paper here.