Systems and methods for detecting malicious processes that encrypt files
US10210330B1 · kind B1 · utility
Assignee
Inventor
Key dates
| Filing date | Sep 13, 2016 |
| Grant date | Feb 19, 2019 |
| Priority date | — |
| Expiry date | Mar 18, 2037 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2201/80
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
The disclosed computer-implemented method for detecting malicious processes that encrypt files may include (i) identifying a backup file created by a backup process on the computing device, (ii) detecting an attempt to alter the backup file by a process that is not the backup process, (iii) determining, based at least in part on the attempt to alter the backup file being made by the process that is not the backup process, that the process is a malicious process designed to encrypt files on the computing device so that a legitimate owner of the files cannot access the files, and (iv) performing a security action in response to determining that the process is malicious. Various other methods, systems, and computer-readable media are also disclosed.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.