Agent functionality extensions using surveyors

Assignee

• Halcyon Tech, Inc. · US

Inventors

• Alejandro Espinoza · San Marcos, US
• Robert Bushner · Homeland, US
• Matthew Gosline · Austin, US
• Kristen Lamb · Marblehead, US
• Seagen Levites · Oregon City, US
• Clark Lindsey · Loudon, US
• Jonathan Miller · Poway, US
• Ryan Smith · Durango, US
• Vu Ta · Fellbach, DE

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F21/566
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Information characterizing a security event is received from an agent executing on an endpoint computing device. The received information identifies a plurality of files encrypted as part of a ransomware attack and key material used when encrypting each of the files. Based on the received information, a surveyor package is generated which includes decryptor logic to decrypt at least a portion of the files. The surveyor package is deployed to the agent so that it can be unpacked and executed to decrypt at least a portion of the files. Once these files are decrypted, then can be transported to a safe computing environment Related apparatus, systems, techniques and articles are also described.