File backup to combat ransomware
US9317686B1 · kind B1 · utility
Assignee
Inventors
Key dates
| Filing date | Jul 16, 2013 |
| Grant date | Apr 19, 2016 |
| Priority date | — |
| Expiry date | Sep 16, 2033 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2201/865
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
Operating system events are monitored and a file change request of a process is detected. If the process is suspicious, then the file to be changed is backed up and then the process is allowed to change the file as requested. If it is later determined that the process is ransomware, the process is blocked and further file backups are halted. The original file is recovered and the encrypted file is discarded. If it is later determined that the process is not malicious, then further file backups are halted. Any backup files are discarded. Ransomware may be detected by comparing a file extension of the process with file extensions of any files requested to be changed, by comparing file extensions of any files requested to be changed, or by an analysis of behavior of the process itself.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.