Patent · US Active

Identifying ransomware host attacker

US11755733B1 · kind B1 · utility

1Cited by

13References

21Claims

0Family size

Assignee

Dell Products L.P. · US

Inventors

Philippe Armangau · Acton, US
Wai C. Yim · Merrimack, US
Matthew Long · Uxbridge, US

Key dates

Filing date	Apr 6, 2022
Grant date	Sep 12, 2023
Priority date	—
Expiry date	Apr 6, 2042

Classification

Technology area (CPC G)Physics
CPC primaryG06F2221/034
WIPO fieldComputer technology
WIPO sectorElectrical engineering

Abstract

A technique of identifying hosts suspected of being sources of ransomware infection includes initiating a tracking interval in response to a data storage system detecting a suspected ransomware attack. During the tracking interval, write requests received by the data storage system are analyzed and ransomware attributes for those write requests are generated. The ransomware attributes of the write requests indicate risks of ransomware infection and are associated with hosts from which the respective write requests originate. A particular host is identified as a suspected source of ransomware infection based at least in part on the ransomware attributes associated with that host.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.