Patent · US Active

Early runtime detection and prevention of ransomware

US11645383B2 · kind B2 · utility

Cited by: 1
References: 10
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Dec 28, 2017
Grant date: May 9, 2023
Priority date
Expiry date: Jan 3, 2040

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/2127
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

Various automated techniques are described herein for the runtime detection/neutralization of malware executing on a computing device. The foregoing is achievable during a relatively early phase, for example, before the malware manages to encrypt any of the user's files. For instance, a malicious process detector may create decoy file(s) in a directory. The decoy file(s) may have attributes that cause such file(s) to reside at the beginning and/or end of a file list. By doing so, a malicious process targeting files in the directory will attempt to encrypt the decoy file(s) before any other file. The detector monitors operations to the decoy file(s) to determine whether a malicious process is active on the user's computing device. In response to determining that a malicious process is active, the malicious process detector takes protective measure(s) to neutralize the malicious process.
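The decoy placement and check described in the abstract, sketched as an added example; this is not code from the patent or its assignee. The decoy names, the name-ordered listing and the hash-polling check (standing in for monitoring file operations) are assumptions made for illustration.

```python
import hashlib
import os
import secrets
import tempfile

# Hypothetical decoy names: "!" sorts before and "~" after ASCII letters and
# digits, so a name-ordered listing yields the decoys first and last.
DECOY_NAMES = ("!0000_decoy.docx", "~zzzz_decoy.docx")

def _digest(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def plant_decoys(directory):
    """Create the decoys and return a baseline {path: sha256}."""
    baseline = {}
    for name in DECOY_NAMES:
        path = os.path.join(directory, name)
        with open(path, "wb") as fh:
            fh.write(secrets.token_bytes(4096))  # constructed filler content
        baseline[path] = _digest(path)
    return baseline

def tampered_decoys(baseline):
    """Return decoys that were modified, renamed or deleted since planting."""
    hits = []
    for path, digest in baseline.items():
        try:
            if _digest(path) != digest:
                hits.append(path)
        except FileNotFoundError:  # a rename or delete also counts as a hit
            hits.append(path)
    return sorted(hits)

def demo():
    """Constructed scenario: user files plus decoys, then one decoy overwritten."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("budget.xlsx", "notes.txt", "Report.docx"):
            open(os.path.join(d, name), "w").close()
        baseline = plant_decoys(d)
        order = sorted(os.listdir(d))    # name-ordered view of the directory
        clean = tampered_decoys(baseline)
        with open(os.path.join(d, order[0]), "wb") as fh:
            fh.write(b"\x00" * 4096)     # stand-in for an unexpected write
        changed = [os.path.basename(p) for p in tampered_decoys(baseline)]
        return order, clean, changed
```

A hit on either decoy is the signal on which the abstract's protective measures would act; a production detector would watch file operations as they happen instead of polling hashes.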

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.