Patent · US Active

Behavior-based ransomware detection using decoy files

US10193918B1 · kind B1 · utility

11 Cited by
3 References
14 Claims
0 Family size

Assignee

Inventors

Key dates

Filing date: Mar 28, 2018
Grant date: Jan 29, 2019
Priority date
Expiry date: Mar 28, 2038

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/1491
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

An anti-malware application analyzes behavior of an executing process to identify ransomware. The anti-malware application detects an untrusted process requesting enumeration of a directory of user files and causes the untrusted process to initially operate on a decoy file that mimics the user files. If the behavior of the untrusted process with respect to the decoy file is indicative of ransomware, the process can be terminated without loss of the user files. The decoy file may be deployed in a way that is undetectable to the user.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.