Method and system for countering ransomware

US 10,331,884 B2
Filed: 10/10/2017
Issued: 06/25/2019
Est. Priority Date: 10/10/2016
Status: Active Grant

First Claim

Patent Images

1. A method for protecting processor data from ransomware in a system having a processor, an external drive, and a hardwired connection between the processor and external drive for transmitting the processor data to the external drive, said method comprising:

interposing an open air gap switch having a normally open state in the hardwired connection to normally establish a fully open circuit in the hardwired connection preventing data transfer between the processor and external drive unless the air gap switch is in a closed state;

manually initiating an authorized data transfer of processor data from the processor to the external drive via the hardwired connection by actuating the air gap switch to a closed state; and

re-establishing the air gap in the hardwired connection after completion of an authorized data transfer by returning the air gap switch to the open state.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems and computer readable media are provide for protecting stored data from ransomware. In an embodiment, the data is stored in an external drive connected to the processor. The connection between the processor and external drive is interrupted (e.g., open) except during a data transfer between the processor and the external drive. Connection of the processor to the external drive, permitted for a time period specified by a user or until the transfer of data is complete, occurs in response to manual actuation of a control means interposed between the processor and external drive and optionally, an indication from the user computing system that malware has not been detected on the device. The control means may be a mechanical switch or a fingerprint authentication device.

53 Citations

23 Claims

1. A method for protecting processor data from ransomware in a system having a processor, an external drive, and a hardwired connection between the processor and external drive for transmitting the processor data to the external drive, said method comprising:
- interposing an open air gap switch having a normally open state in the hardwired connection to normally establish a fully open circuit in the hardwired connection preventing data transfer between the processor and external drive unless the air gap switch is in a closed state;
  
  manually initiating an authorized data transfer of processor data from the processor to the external drive via the hardwired connection by actuating the air gap switch to a closed state; and
  
  re-establishing the air gap in the hardwired connection after completion of an authorized data transfer by returning the air gap switch to the open state.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1 further comprising:
    - storing the transferred processor data in the external drive in data storage media electrically separate from and external to the processor; and
      
      wherein the air gap switch in the open state normally disconnects the storage media from the processor and is selectively actuable by a user to the closed state to connect the data storage media to the processor.
  - 3. The method of claim 2 wherein a Universal Serial Bus (USB) hub is provided having at least one upstream port connected to the processor and at least one downstream port connected to the data storage media, wherein the air gap switch is electrically connected between the upstream port and the downstream port internally to the USB hub, and wherein said method further comprises:
    - rendering the air gap switch functional to connect the upstream port to the downstream port only when the air gap switch receives an electrical command, wherein when the air gap switch is in the open state no communication, including any data transfer in either direction, can occur between the upstream port and the downstream port of the USB hub;
      
      enabling the electrical command to the air gap switch only in response to manual initiation by an authorized user of the authorized data transfer;
      
      preventing the processor from under any circumstance transferring data to the external drive in the absence of the electrical command initiated by an authorized user;
      
      providing a default state of the USB hub in which the air gap switch is in the open state to establish an air gap in the hardwired connection and prevent any communication between the upstream port and the downstream port, andrestoring the default state automatically after completion of the authorized data transfer.
  - 4. The method of claim 3 wherein the step of enabling includes manually initiating the electrical command from circuitry integrated into the USB hub.
  - 5. The method of claim 3 wherein the step of enabling includes manually initiating the electrical command from circuitry external to the USB hub.
  - 6. The method of claim 3 wherein authorized data transfers are initiated by user fingerprint authentication to enable said electrical command signal.
  - 7. The method of claim 3 wherein authorized data transfers are initiated by user actuation of a manually actuable switch to enable said electrical command signal.
  - 8. The method of claim 7 wherein the manually actuable switch requires continuous manual actuation by the user to continue to provide the electrical command signal, whereby removal of the manual actuation by the user causes the manually actuable switch to open and the electrical command signal to be disabled.
  - 9. The method of claim 3 further comprising the step of preventing permanent bypassing of said default state.
  - 10. The method of claim 3 further comprising incorporating a data transfer monitoring capability into the USB hub to detect when the authorized data transfer has been completed and automatically disable the electrical command signal to thereby return the air gap switch to the open state and disconnect the data storage media from the processor.
  - 11. The method of claim 3 further comprising detecting when and if the processor is under attack by a ransomware virus and issuing a warning to the user to not initiate an authorized data transfer.
  - 12. The method of claim 1 further comprising:
    - establishing on a system comprising the processor an unprotected file containing innocuous data;
      
      continuously trying to read the innocuous data by the system;
      
      in response to being unable to read the innocuous data, displaying a warning alerting the user to not initiate the authorized data transfer.
  - 13. The method of claim 1 wherein the air gap switch is a manually actuable switch, said method further comprising automatically returning the air gap switch to the open state after an authorized data transfer is completed.

14. A system for protecting processor data from ransomware comprising:
- an external data storage drive for storing data having a hardwired connection to a processor for transmitting processor data to the external drive; and
  
  a selectively actuable interface interposed in said hardwired connection, said selectively actuable interface including a normally open air gap switch which defaults to an open state and interrupts the hardwired connection between the processor and the external data storage drive except during authorized data transfer between the processor and the external data storage drive, wherein the air gap switch reconnects the processor to the external data storage drive only in a closed state of the air gap switch, said closed state being attained only in response to manual actuation of the selectively actuable interface by a user.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 15. The system of claim 14 wherein the air gap switch is selected from the group consisting of a normally open mechanical switch and a normally open fingerprint authentication switching device.
  - 16. The system of claim 14 wherein the air gap switch is interposed between the processor and the data storage drive to normally disconnect the data storage drive from the processor, and is selectively actuable only manually to connect the data storage drive to the processor.
  - 17. The system of claim 16,wherein the selectively actuable interface is a Universal Serial Bus (USB) hub having at least one upstream port connected to the processor and at least one downstream port connected to the data storage media, wherein the air gap switch is part of the USB hub and in the closed state connects the upstream port to the downstream port only when the USB hub receives an electrical command, and wherein when the air gap switch is in the open state no communication, including any data transfer in either direction, can occur between the upstream port and the downstream port of the USB hub;
    - and further comprising a circuit for;
      
      enabling the electrical command to the USB hub only in response to initiation by an authorized user of an authorized data transfer;
      
      preventing the processor from under any circumstance transferring data to the external drive in the absence of the electrical command initiated by an authorized user;
      
      providing a default state of the USB hub in which the air gap switch is in the open state to establish an air gap in the hardwired connection and prevent any communication between the upstream port and the downstream port; and
      
      restoring the default state automatically after completion of the authorized data transfer.
  - 18. The system of claim 17 wherein said circuit is included in said USB hub.
  - 19. The system of claim 17 wherein said selectively actuable interface includes a fingerprint authentication device for selectively enabling said electrical command signal.
  - 20. The system of claim 14 wherein said selectively actuable interface includes a manually actuable switch for selectively enabling said electrical command signal.
  - 21. The system of claim 20 wherein the manually actuable switch is configured to require continuous manual actuation by the user to continue to provide the electrical command signal, whereby removal of the manual actuation by the user causes the switch to open and the electrical command signal to be disabled.
  - 22. The system of claim 14 further comprising data transfer monitoring means for detecting when the authorized data transfer has been completed and thereupon automatically disabling the electrical command signal to thereby disconnect the data storage media from the processor.
  - 23. The system of claim 14 wherein said air gap switch is a manually actuable switch that automatically returns to the open state when not manually actuated.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Stephen Rosa
Original Assignee
Stephen Rosa
Inventors
Rosa, Stephen
Primary Examiner(s)
Hirl, Joseph P
Assistant Examiner(s)
Beheshti Shirazi, Sayed Aresh

Application Number

US15/728,826
Publication Number

US 20180101678A1
Time in Patent Office

623 Days
Field of Search
US Class Current
CPC Class Codes

G06F 13/385   for adaptation of a particu...

G06F 13/4282   on a serial bus, e.g. I2C b...

G06F 21/32   using biometric data, e.g. ...

G06F 21/552   involving long-term monitor...

G06F 21/562   Static detection

G06F 21/81   by operating on the power s...

G06F 3/0622   in relation to access

G06F 3/0653   Monitoring storage devices ...

G06F 3/0671   In-line storage system

H04L 67/06   specially adapted for file ...

Method and system for countering ransomware

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

53 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for countering ransomware

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

53 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links