Systems and methods for detecting malicious processes that encrypt files

  • US 10,210,330 B1
  • Filed: 09/13/2016
  • Issued: 02/19/2019
  • Est. Priority Date: 09/13/2016
  • Status: Active Grant
First Claim

1. A computer-implemented method for preventing malicious computer processes from encrypting computer files, at least a portion of the method being performed by a computing device comprising at least one computer processor, the method comprising:

  • identifying, by the computing device, a backup computer file previously created by a backup computer process on the computing device;

  • automatically detecting, by the computing device, an attempt to electronically alter the backup computer file by a computer process that is not the backup computer process, wherein the computer process appears to be a known benign process not expected to interact with the backup computer file;

  • determining, by the computing device based at least in part on the attempt to electronically alter the backup computer file being made by the computer process, that the computer process is a malicious computer process designed to encrypt backup computer files on the computing device so that a legitimate owner of the computer files cannot access the backup computer files, wherein determining that the computer process is the malicious computer process comprises determining, based on the computer process appearing to be a known benign process not expected to interact with the backup computer file, an origin of the computer process and analyzing previous actions of the computer process; and

  • performing a security action in response to determining that the computer process is malicious.
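
The four steps of the claim expressed as detection logic over file events, as an added example that is not taken from the patent. The process names, directories, the allowlist of benign programs, the bulk-alteration threshold and the `alert`/`block` verdicts are assumptions chosen for illustration; the claim does not specify how origin or previous actions are evaluated.

```python
from dataclasses import dataclass

# All names, paths and thresholds below are constructed assumptions for illustration.
BACKUP_PROC = ("backupd.exe", r"c:\program files\backup")
KNOWN_BENIGN = {"notepad.exe": r"c:\windows\system32",
                "calc.exe": r"c:\windows\system32"}
ALTERING_OPS = {"write", "rename", "delete"}
BULK_THRESHOLD = 3  # prior alterations of distinct files treated as suspicious

@dataclass(frozen=True)
class Event:
    pid: int
    image: str      # process image name
    image_dir: str  # directory the image was started from (its origin)
    op: str         # create | write | rename | delete
    path: str

class BackupGuard:
    def __init__(self):
        self.backup_files = set()  # step 1: files created by the backup process
        self.history = {}          # pid -> distinct paths it altered earlier
        self.blocked = set()       # pids a security action was taken against

    def handle(self, ev: Event) -> str:
        verdict = self._evaluate(ev)
        if ev.op in ALTERING_OPS:  # recorded after the verdict, so history is prior actions
            self.history.setdefault(ev.pid, set()).add(ev.path.lower())
        return verdict

    def _evaluate(self, ev: Event) -> str:
        path, who = ev.path.lower(), (ev.image.lower(), ev.image_dir.lower())
        if ev.pid in self.blocked:
            return "block"
        if who == BACKUP_PROC:
            if ev.op == "create":
                self.backup_files.add(path)
            return "allow"
        # Step 2: alteration of a backup file by a process other than the backup process.
        if path not in self.backup_files or ev.op not in ALTERING_OPS:
            return "allow"
        expected_dir = KNOWN_BENIGN.get(who[0])
        if expected_dir is None:
            return "alert"  # not benign-looking: outside the claimed case, flag for review
        # Step 3: origin check and review of earlier actions.
        bad_origin = who[1] != expected_dir
        bulk_history = len(self.history.get(ev.pid, ())) >= BULK_THRESHOLD
        if bad_origin or bulk_history:
            self.blocked.add(ev.pid)  # step 4: security action (here: block the pid)
            return "block"
        return "alert"
```

Matching on image name and directory stands in for whatever identity check a real endpoint agent would use, such as a code signature or a kernel-reported process token.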

  • 2 Assignments