Organization-level ransomware incrimination
US12301615B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Apr 24, 2022 |
| Grant date | May 13, 2025 |
| Priority date | — |
| Expiry date | Mar 9, 2043 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L63/1408
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
Some embodiments help protect an organization against ransomware attacks by combining incrimination logics. An organizational-level incrimination logic helps detect alert spikes across many machines, which collectively indicate an attack. Graph-based incrimination logics help detect infestations of even a few machines, and local incrimination logics focus on protecting respective individual machines. Graph-based incrimination logics may compare monitored system graphs to known ransomware attack graphs. Graphs may have devices as nodes and device network connectivity, repeated files, repeated processes or actions, or other connections as edges. Statistical analyses and machine learning models may be employed as incrimination logics. Search logics may find additional incrimination candidates that would otherwise evade detection, based on files, processes, IP addresses, devices, accounts, or other computational entities previously incriminated. Incrimination engine results are forwarded to endpoint protection systems, intrusion protection systems, authentication controls, or other intervention mechanisms to enhance monitored system security.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.