Patent · US Active

Detecting ransomware based on file comparisons

US10229269B1 · kind B1 · utility

63Cited by

1References

20Claims

0Family size

Assignee

Malwarebytes Inc. · US

Inventors

Mark William Patton · Santa Clara, US
Zohiartze Herce San Martín · Getxo, ES
Jorge Alejandro Duran Royo · Lerma, ES
Sherab Giovannini · Santurtzi, ES

Key dates

Filing date	Feb 13, 2018
Grant date	Mar 12, 2019
Priority date	—
Expiry date	Feb 13, 2038

Classification

Technology area (CPC G)Physics
CPC primaryG06F2221/034
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

An anti-malware application detects and remediates ransomware. The anti-malware application monitors processes executing on a computing device and detects that a process is opening a file for editing. A portion of the original file is saved prior to being edited by the process. Once the edited file is saved, the anti-malware application compares a portion of the edited file to the portion of the original file to determine if the edited file is encrypted. The anti-malware application may determine the process is associated with ransomware based on whether the edited file is encrypted.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.