Patent · US Active

Ransomware attack onset detection

US11537713B2 · kind B2 · utility

Cited by: 6
References: 7
Claims: 21
Family size: 0

Assignee

Inventors

Key dates

Filing date: Aug 2, 2017
Grant date: Dec 27, 2022
Priority date
Expiry date: Apr 12, 2039

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/034
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

A method of detecting the onset of a ransomware attack is presented. In an example embodiment, file backup metadata for each of a plurality of computing devices is accessed and analyzed to detect anomalous file backup activity of individual ones of the computing devices. A determination is made as to whether the detected anomalous file backup activity of at least some of the computing devices is correlated in time. File description metadata for each of the computing devices is also accessed and analyzed to identify files in the computing devices that are anomalous to other files in the computing devices. A determination whether a ransomware attack has begun is based on a determination that the detected anomalous file backup activity of at least some of the computing devices is correlated in time, as well as on the identified anomalous files.
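A sketch of the two-signal check the abstract describes, added here as an illustration and not taken from the patent: per-device backup anomalies are correlated in time, then combined with files that look anomalous relative to other files. The z-score test, the rare-extension metric, the thresholds, the rule that both signals must agree, and all host names and file names are assumptions constructed for this example.

```python
from collections import Counter
from statistics import mean, pstdev

# Constructed sample input: files changed per backup interval, per device.
BACKUPS = {
    "host-a": [40, 38, 45, 41, 39, 42, 400, 43],
    "host-b": [12, 15, 11, 14, 13, 12, 310, 290],
    "host-c": [70, 66, 73, 69, 71, 68, 72, 70],
    "host-d": [25, 27, 24, 26, 25, 28, 26, 500],
}
# Constructed file description metadata: file names seen in the latest backups.
FILES = {
    "host-a": ["q3.docx", "plan.xlsx", "notes.txt", "q3.docx.lckd"],
    "host-b": ["a.docx", "b.xlsx", "c.txt", "b.xlsx.lckd"],
    "host-c": ["x.docx", "y.txt", "z.xlsx"],
    "host-d": ["m.docx", "n.txt", "o.xlsx", "p.docx"],
}

def anomalous_intervals(counts, baseline_n=6, z=3.0):
    """Intervals after the baseline whose count exceeds mean + z * stddev (assumed test)."""
    base = counts[:baseline_n]
    limit = mean(base) + z * max(pstdev(base), 1.0)  # floor avoids a zero-width band
    return [i for i in range(baseline_n, len(counts)) if counts[i] > limit]

def correlated_devices(anoms, window=1, min_devices=3):
    """Largest set of devices with an anomaly inside one span of window + 1 intervals."""
    best = set()
    for t in sorted({i for idx in anoms.values() for i in idx}):
        hit = {d for d, idx in anoms.items() if any(t <= i <= t + window for i in idx)}
        if len(hit) > len(best):
            best = hit
    return sorted(best) if len(best) >= min_devices else []

def anomalous_files(files, rare_share=0.15):
    """Files whose extension is rare relative to all files on all devices (assumed metric)."""
    ext = lambda name: name.rsplit(".", 1)[-1].lower()
    freq = Counter(ext(f) for names in files.values() for f in names)
    total = sum(freq.values())
    return {d: [f for f in names if freq[ext(f)] / total < rare_share]
            for d, names in files.items()}

def detect_onset(backups, files):
    """Flag onset only when both signals agree (assumed rule for combining them)."""
    anoms = {d: anomalous_intervals(c) for d, c in backups.items()}
    devices = correlated_devices(anoms)
    odd = anomalous_files(files)
    suspects = [d for d in devices if odd.get(d)]
    return {"onset": bool(suspects), "correlated": devices, "with_odd_files": suspects}

if __name__ == "__main__":
    print(detect_onset(BACKUPS, FILES))
```

A single device with a backup spike, or rare files with no time-correlated spike, does not raise the flag in this sketch; that is what separates a fleet-wide onset from one noisy host.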

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.