Patent · US Active

Ransomware key extractor and recovery system

US10387648B2 · kind B2 · utility

Cited by: 3
References: 5
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Oct 26, 2016
Grant date: Aug 20, 2019
Priority date
Expiry date: Jun 10, 2037

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/2107
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

In one embodiment, a system includes a central processing unit (CPU) to identify a ransomware process which encrypted a plurality of files yielding a plurality of encrypted files, in response to identifying the ransomware process, dump a memory space and a state of the CPU yielding a memory dump, and search the memory dump for a plurality of candidate encryption keys, and a decryption engine to attempt to decrypt at least one encrypted file of the plurality of encrypted files with different candidate encryption keys of the plurality of candidate encryption keys until the at least one encrypted file is successfully decrypted with one candidate encryption key of the different candidate encryption keys, and decrypt the plurality of encrypted files using the one candidate encryption key. Related apparatus and methods are also described.
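The search-then-trial-decrypt loop in the abstract, as an added example that is not taken from the patent. It assumes AES-128-CBC with the IV prepended to each file and a known file magic; the byte-diversity candidate filter and all function names are hypothetical.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// candidateKeys keeps each 16-byte window with >= minDistinct byte values (assumed heuristic).
func candidateKeys(dump []byte, minDistinct int) [][]byte {
	var out [][]byte
	for i := 0; i+16 <= len(dump); i++ {
		seen := map[byte]bool{}
		for _, b := range dump[i : i+16] {
			seen[b] = true
		}
		if len(seen) >= minDistinct {
			out = append(out, dump[i:i+16])
		}
	}
	return out
}

// recoverKey tries each candidate on the first block; assumed layout: 16-byte IV, then CBC blocks.
func recoverKey(cands [][]byte, enc, magic []byte) []byte {
	p := make([]byte, 16)
	for i := 0; i < len(cands) && len(enc) >= 32; i++ { // enc needs IV + one block
		blk, _ := aes.NewCipher(cands[i]) // a 16-byte key is always accepted
		cipher.NewCBCDecrypter(blk, enc[:16]).CryptBlocks(p, enc[16:32])
		if bytes.HasPrefix(p, magic) {
			return cands[i]
		}
	}
	return nil
}

// sample returns constructed data: a dump hiding a 16-byte key, and one encrypted fake-PDF block.
func sample(key []byte) (dump, enc []byte) {
	dump = bytes.Join([][]byte{make([]byte, 64), []byte(`C:\Users\demo\notes.pdf`), key, make([]byte, 64)}, nil)
	blk, _ := aes.NewCipher(key)
	enc = append([]byte("constructed--iv!"), make([]byte, 16)...)
	cipher.NewCBCEncrypter(blk, enc[:16]).CryptBlocks(enc[16:], []byte("%PDF-1.7 sample\n"))
	return dump, enc
}

func main() {
	dump, enc := sample([]byte("\x3a\x91\x5c\xe7\x08\xb4\x6d\xf2\x17\xc9\x80\x2e\x55\xa3\x7b\xd6"))
	fmt.Printf("%x\n", recoverKey(candidateKeys(dump, 14), enc, []byte("%PDF-")))
}
```

The filter deliberately over-selects: windows that straddle the key or the path string also pass, and the trial decryption against the file magic is what rejects them.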

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.