Detecting and stopping ransomware
US10503897B1 · kind B1 · utility
Assignee
Inventor
Key dates
| Filing date | Jul 13, 2017 |
| Grant date | Dec 10, 2019 |
| Priority date | — |
| Expiry date | Jan 21, 2038 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F2201/88
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
Techniques of operating a computer involve providing controls to an OS that monitor a rate at which commands in an operating system are performed. Along these lines, ransomware performs the OS commands it needs to control access to data files on a computer by performing those commands rapidly. In many cases, such rapid sequences of commands, e.g., read-copy-encrypt-delete, are performed much more rapidly than would be done by a typical user. Accordingly, the OS is then provided the capacity to monitor, e.g., a number of specified command sequences (e.g., read-copy-encrypt-delete) within some specified period of time (e.g., a minute, 5 minutes, an hour, or greater or less). If the number is greater than some threshold number, then the computer may take a remedial action such as issuing an alert to the user and/or limiting the rate at which the commands may be performed.
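The monitoring the abstract describes can be sketched as a sliding-window counter of completed read-copy-encrypt-delete sequences per process. This is an added example, not code from the patent; the event tuple layout, the operation labels, the per-process grouping, the `throttled` set and the default window and threshold are assumptions made for illustration.

```python
from collections import defaultdict, deque

SEQUENCE = ("read", "copy", "encrypt", "delete")  # sequence named in the abstract

class SequenceRateMonitor:
    """Counts completed command sequences per process in a sliding time window."""

    def __init__(self, window_s=60.0, threshold=3):
        self.window_s = window_s                # monitoring period, in seconds
        self.threshold = threshold              # alert when the count exceeds this
        self.progress = {}                      # (pid, path) -> next expected step
        self.completions = defaultdict(deque)   # pid -> completion timestamps
        self.throttled = set()                  # pids a caller should rate-limit

    def observe(self, ts, pid, op, path):
        """Feed one event; return "alert" when pid exceeds the threshold, else None."""
        key = (pid, path)
        step = self.progress.get(key, 0)
        if op == SEQUENCE[step]:
            step += 1                           # next expected command arrived
        elif op == SEQUENCE[0]:
            step = 1                            # sequence restarted on this file
        else:
            step = 0                            # out-of-order command breaks it
        if step < len(SEQUENCE):
            if step:
                self.progress[key] = step
            else:
                self.progress.pop(key, None)
            return None
        self.progress.pop(key, None)            # full sequence completed
        done = self.completions[pid]
        done.append(ts)
        while done and ts - done[0] > self.window_s:
            done.popleft()                      # drop completions outside the window
        if len(done) > self.threshold:
            self.throttled.add(pid)             # remedial action: alert and limit rate
            return "alert"
        return None

def burst(pid, start, n, gap):
    """Constructed sample events: n files fully processed, gap seconds apart."""
    return [(start + i * gap + j * 0.01, pid, op, f"/home/u/doc{i}.txt")
            for i in range(n) for j, op in enumerate(SEQUENCE)]

def run(events, **kw):
    """Replay events and return (timestamp, pid) for every alert raised."""
    mon = SequenceRateMonitor(**kw)
    return [(ts, pid) for ts, pid, op, path in events if mon.observe(ts, pid, op, path)]
```

Sequences are tracked per file so that interleaved work on several files is still counted, and the window is pruned on each completion so a process working at a typical user's pace never accumulates enough completions to trip the threshold.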
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.