Patent · US Active

Behavior-based ransomware detection

US9734337B1 · kind B1 · utility

Cited by: 40
References: 7
Claims: 18
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jan 24, 2017
Grant date: Aug 15, 2017
Priority date
Expiry date: Jan 24, 2037

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/568
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

An anti-malware application detects, stops, and quarantines ransomware. The anti-malware application monitors threads executing on a computing device and detects behaviors that conform to a predefined set of behaviors indicative of ransomware. Responsive to detecting these behaviors, indicators are stored to a log in a storage device. Each of the indicators in the log is associated with respective scores. A running score for each thread is generated by combining the respective scores of the indicators in the log. Responsive to determining that the running score exceeds a predefined threshold score, execution of the thread is terminated. The source ransomware file is then identified and quarantined.
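The per-thread scoring loop the abstract describes, as an added sketch that is not taken from the patent or any product. The indicator names, their scores, the threshold of 80, the use of a plain sum to combine scores, and the sample events are all assumptions constructed for illustration.

```python
# Added illustration; not code from the patent. All names and values are assumed.
# Predefined behaviors indicative of ransomware, each with a score (constructed).
INDICATOR_SCORES = {
    "bulk_file_rename": 20,
    "high_entropy_overwrite": 35,
    "ransom_note_write": 30,
    "shadow_copy_delete": 40,
}
THRESHOLD = 80  # assumed; the abstract only says "predefined threshold score"


class ThreadScorer:
    def __init__(self, scores=INDICATOR_SCORES, threshold=THRESHOLD):
        self.scores = scores
        self.threshold = threshold
        self.log = []         # stored indicators: (thread_id, indicator, source_file)
        self.terminated = {}  # thread_id -> source file marked for quarantine

    def running_score(self, thread_id):
        # "Combining" is implemented here as a sum, which is an assumption.
        return sum(self.scores[ind] for tid, ind, _ in self.log if tid == thread_id)

    def observe(self, thread_id, behavior, source_file):
        """Log a matching behavior; return a decision once the threshold is exceeded."""
        if thread_id in self.terminated or behavior not in self.scores:
            return None  # already stopped, or not in the predefined behavior set
        self.log.append((thread_id, behavior, source_file))
        if self.running_score(thread_id) > self.threshold:
            self.terminated[thread_id] = source_file
            # A real agent would stop the thread and quarantine the file here;
            # this sketch only returns the decision.
            return {"terminate_thread": thread_id, "quarantine": source_file}
        return None


# Constructed event stream: (thread_id, behavior, file that started the thread).
EVENTS = [
    (101, "bulk_file_rename", "/tmp/constructed_sample.bin"),
    (202, "bulk_file_rename", "/tmp/constructed_renamer.bin"),
    (101, "file_read", "/tmp/constructed_sample.bin"),  # not an indicator
    (101, "high_entropy_overwrite", "/tmp/constructed_sample.bin"),
    (101, "ransom_note_write", "/tmp/constructed_sample.bin"),
    (101, "shadow_copy_delete", "/tmp/constructed_sample.bin"),  # after termination
]


def replay(events):
    scorer = ThreadScorer()
    actions = [a for e in events if (a := scorer.observe(*e))]
    return scorer, actions
```

Thread 202 performs one of the same behaviors as thread 101 but stays below the threshold, which is the point of scoring per thread rather than alerting on any single indicator.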

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.