Systems and methods for detecting ransomware attacks on file sharing systems
US12074905B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jan 24, 2022 |
| Grant date | Aug 27, 2024 |
| Priority date | — |
| Expiry date | Nov 14, 2042 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/145
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
Methods and systems for detecting ransomware attacks on an SMB (Server Message Block) file sharing system are disclosed. A user's request for access to the SMB file sharing system is authenticated and an SMB session for the user is initiated. During the SMB session, SMB commands issued by the user are detected and logged. The detected commands are evaluated against a profile of normal file sharing activity by this user. In case a deviation from the user's activity profile is detected, recent SMB commands from the user are evaluated against a library of patterns of SMB commands indicative of ransomware activity. In case the recent SMB commands from the user match a ransomware command pattern, the user's SMB session is immediately terminated, thus mitigating further damage by the ransomware.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.