Ransomware detection and mitigation
US10503904B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Jul 24, 2017 |
| Grant date | Dec 10, 2019 |
| Priority date | — |
| Expiry date | Jan 15, 2038 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F21/568
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
A computerized method for detecting and mitigating a ransomware attack is described. The method features (i) a kernel mode agent that intercepts the initiation of a process; once the process has been determined to be suspicious, intercepts one or more system calls made by it; and, when it intercepts a request by the suspicious process to open a protected file, copies at least a portion of that file to a secure storage location; and (ii) a user mode agent that determines whether the process is suspicious, monitors the processing of the suspicious process and determines whether it is associated with a ransomware attack. Additionally, to mitigate the effects of a ransomware attack, the kernel mode agent may restore the protected file from the copy stored in the secure storage location when a ransomware attack is detected.
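The abstract describes a mechanism rather than an algorithm: intercept process start, treat a flagged process's opens of protected files as a trigger to shadow-copy the file somewhere the process cannot reach, classify what the process then does, and roll the file back if the verdict is ransomware. The following is an added example, not the patent's implementation and not code from the assignee: a user-space Python simulation of that copy-on-open / restore loop, with both agent roles folded into one `Agent` class. Everything not in the abstract is an assumption made here: the "launched from a temp directory" rule that marks a process suspicious, the Shannon-entropy jump used as the ransomware verdict, the `SecureStore` directory standing in for the secure storage location (nothing here stops the monitored process reaching it; that enforcement is exactly what a kernel-mode agent exists for), and the constructed file contents in `demo()`.

```python
import hashlib
import math
import shutil
import tempfile
from collections import Counter
from pathlib import Path


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for ciphertext, far below that for plain text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


class SecureStore:
    """Stand-in for the 'secure storage location'; assumed unreachable by the monitored process."""

    def __init__(self, root: Path) -> None:
        self.root = root
        self.root.mkdir(parents=True, exist_ok=True)
        self._index: dict[Path, Path] = {}

    def backup(self, path: Path) -> None:
        """Copy once, on the first suspicious open; later opens reuse the copy."""
        if path not in self._index:
            dst = self.root / f"{len(self._index):04d}_{path.name}"
            shutil.copy2(path, dst)
            self._index[path] = dst

    def restore(self, path: Path) -> bool:
        src = self._index.get(path)
        if src is None:
            return False
        shutil.copy2(src, path)
        return True


class Agent:
    """Interception (the abstract's kernel-mode role) plus classification (its
    user-mode role). Both heuristics are assumptions, not the patent's."""

    ENTROPY_JUMP = 2.0  # assumed: bits/byte increase that marks an encrypting write

    def __init__(self, protected_dir: Path, store: SecureStore) -> None:
        self.protected_dir = protected_dir.resolve()
        self.store = store
        self.suspicious: set[int] = set()

    def _protected(self, path: Path) -> bool:
        return self.protected_dir in path.resolve().parents

    def process_started(self, pid: int, image: str) -> bool:
        # Assumed classifier: a binary launched from a temp directory is suspicious.
        if "/tmp/" in image or "\\Temp\\" in image:
            self.suspicious.add(pid)
        return pid in self.suspicious

    def open_file(self, pid: int, path: Path) -> bool:
        """Intercepted open: copy a protected file before a suspicious process gets a handle."""
        if pid in self.suspicious and self._protected(path):
            self.store.backup(path)
            return True
        return False

    def write_file(self, pid: int, path: Path, data: bytes) -> bool:
        """Intercepted write: let it land, then classify; a suspicious process replacing
        low-entropy content with high-entropy content is treated as ransomware and the
        file is restored from the store. Returns True on detection."""
        before = shannon_entropy(path.read_bytes()) if path.exists() else 0.0
        path.write_bytes(data)
        if (pid in self.suspicious and self._protected(path)
                and shannon_entropy(data) - before >= self.ENTROPY_JUMP):
            self.store.restore(path)
            return True
        return False


def demo() -> dict:
    """Constructed scenario in a temp directory: a benign edit, then an encrypting rewrite."""
    base = Path(tempfile.mkdtemp())
    doc = base / "docs" / "report.txt"
    doc.parent.mkdir()
    doc.write_bytes(b"Quarterly report: revenue up 4%, costs flat.\n" * 10)
    agent = Agent(doc.parent, SecureStore(base / "shadow"))

    agent.process_started(100, "/usr/bin/editor")  # benign: no copy, no detection
    agent.open_file(100, doc)
    benign = agent.write_file(100, doc, doc.read_bytes() + b"Appendix A.\n")
    expected = doc.read_bytes()

    agent.process_started(200, "/tmp/update.exe")  # assumed suspicious: copy-on-open fires
    copied = agent.open_file(200, doc)
    ciphertext = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(15))  # stand-in
    detected = agent.write_file(200, doc, ciphertext)
    restored = doc.read_bytes() == expected
    shutil.rmtree(base)
    return {"benign": benign, "copied": copied, "detected": detected, "restored": restored}
```

Two points the simulation makes that the abstract only implies. The copy is taken at open time, not at process start, so it captures the file as it stands when the suspicious process first touches it (here, including the benign editor's earlier append), which is what makes the later restore lossless. And the verdict is reached after the damaging write has already landed; the design tolerates that because the pre-write copy already exists, which is the whole reason the copy is made on the open rather than on detection.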
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.