Patent · US Active

Methods and systems for detecting a ransomware attack using entropy analysis and file update patterns

US10990675B2 · kind B2 · utility

1Cited by

8References

27Claims

0Family size

Assignee

DATTO, INC. · US

Inventor

Kurt S. Hansen · Chesterfield, US

Key dates

Filing date	Jun 4, 2019
Grant date	Apr 27, 2021
Priority date	—
Expiry date	Sep 12, 2039

Classification

Technology area (CPC G)Physics
CPC primaryG06F2221/034
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

This disclosure and the exemplary embodiments described herein, provide methods and systems for detecting a ransomware infection in one or more files. According to an exemplary embodiment, a low frequency encryption analysis and a high frequency encryption analysis of a plurality of received files is performed to determine if the one or more of the files are encrypted. If a file is encrypted, a watcher is utilized to monitor file events associated with the files for determining if one or more of the files are infected with ransomware.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.