Patent · US Active

Preventing lateral propagation of ransomware using a security appliance that dynamically inserts a DHCP server/relay and a default gateway with point-to-point links between endpoints

US11374964B1 · kind B1 · utility

Cited by: 12
References: 7
Claims: 24
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jan 28, 2022
Grant date: Jun 28, 2022
Priority date
Expiry date: Jan 28, 2042

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/0245
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A technique to stop lateral movement of ransomware between endpoints in a VLAN is disclosed. A security appliance is set as the default gateway for intra-LAN communication by overwriting the DHCP responses. Message traffic from compromised endpoints is detected. Attributes of ransomware may be detected in the message traffic, as well as attempts to circumvent the security appliance. Compromised devices may be quarantined. The security appliance may act in response to an initial detection of ransomware such that it does not ordinarily interfere with operation of a primary DHCP server.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.