Patent · US Active

Systems and methods for detecting ransomware infection

US10867040B2 · kind B2 · utility

Cited by: 6
References: 3
Claims: 18
Family size: 0

Assignee

Inventors

Key dates

Filing date: Oct 17, 2017
Grant date: Dec 15, 2020
Priority date
Expiry date: Nov 13, 2037

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/552
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

The present disclosure is directed at systems and methods for detecting ransomware infection in filesystems. These systems and methods may enable a computer user to detect a ransomware infection within a filesystem utilizing a snapshot image-based backup. According to some embodiments, the disclosed systems and methods analyze metadata describing the contents of an examined filesystem embodied in a Master File Table (MFT). Also according to some embodiments, the disclosed systems and methods compute an entropy associated with an extracted sample of files to distinguish between infected and uninfected file systems. Relative to other techniques, the disclosed systems/methods can decrease the time and/or computational resources required to detect ransomware, while also decreasing false positives and false negatives.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.