Patent · US Active

Behavior-based ransomware detection

US10032025B1 · kind B1 · utility

Cited by: 3
References: 11
Claims: 18
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jul 5, 2017
Grant date: Jul 24, 2018
Priority date
Expiry date: Jul 5, 2037

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/568
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

An anti-malware application detects, stops, and quarantines ransomware. The anti-malware application monitors threads executing on a computing device and detects behaviors that conform to a predefined set of behaviors indicative of ransomware. Responsive to detecting these behaviors, indicators are stored to a log in a storage device. Each of the indicators in the log is associated with respective scores. A running score for each thread is generated by combining the respective scores of the indicators in the log. Responsive to determining that the running score exceeds a predefined threshold score, execution of the thread is terminated. The source ransomware file is then identified and quarantined.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.