System and method for detection of malicious data encryption programs

  • US 10,375,086 B2
  • Filed: 11/25/2015
  • Issued: 08/06/2019
  • Est. Priority Date: 09/30/2015
  • Status: Active Grant
First Claim

1. A method for detection of malicious encryption programs, the method comprising:

    intercepting a file operation request from a client device on a file stored on a server;

    responsive to intercepting the file operation request, creating and saving a backup copy of the file at the server;

    collecting information about at least the client device, the requested file and the file operation request, wherein the collected information includes data buffers with original contents of the file and data that the file operation request is attempting to write in place of the file;

    determining based on the collected information, whether a known malicious encryption program has been launched on the client device to attempt an execution of the file operation request on the server;

    when the file operation request came from an unknown encryption program, calculating, by a hardware processor, a difference between a first entropy of a header of the file before the execution of the file operation request and a second entropy of a header of the data that the file operation request is attempting to write in place of the file;

    when the difference is below a threshold, allowing the file operation request of the unknown encryption program on the file to be performed on the server and deleting the backup copy of the file, otherwise blocking a connection between the client device and the server and restoring the backup copy of the file at the server; and

    sending information about the unknown encryption program to a component on the client device, the information comprising a name of a process executing the program, wherein the component is enabled to search and stop the process on the client device initiating the file operation request based on a reception of the information.
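
The entropy comparison in the claim, as an added Python example (not code from the patent or its assignee): it computes Shannon entropy over the header of each buffer and applies the allow/block rule. The 256-byte header length, the 2.0 bits-per-byte threshold, the sign of the difference (second minus first) and the sample buffers are assumptions; the claim specifies none of them.

```python
import math
from collections import Counter

HEADER_LEN = 256   # assumption: the claim does not say how many bytes form the "header"
THRESHOLD = 2.0    # assumption: bits per byte; the claim gives no threshold value


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, 8.0 maximum)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def header_entropy_difference(original: bytes, incoming: bytes) -> float:
    """Second entropy (data to be written) minus first entropy (file before the write)."""
    first = shannon_entropy(original[:HEADER_LEN])
    second = shannon_entropy(incoming[:HEADER_LEN])
    return second - first


def decide(original: bytes, incoming: bytes) -> str:
    """'allow' when the difference is below the threshold, otherwise 'block'."""
    return "allow" if header_entropy_difference(original, incoming) < THRESHOLD else "block"


# Constructed sample buffers (not real files).
ORIGINAL = b"%PDF-1.4\n" + b"invoice line item, amount due\n" * 10
BENIGN_EDIT = ORIGINAL.replace(b"due", b"paid")
# Stand-in for ciphertext: every byte value exactly once, so entropy is 8.0.
CIPHERTEXT_LIKE = bytes((i * 167 + 13) % 256 for i in range(256))

if __name__ == "__main__":
    for label, incoming in (("benign edit", BENIGN_EDIT), ("ciphertext-like", CIPHERTEXT_LIKE)):
        diff = header_entropy_difference(ORIGINAL, incoming)
        print(f"{label:16s} diff={diff:+.2f} bits/byte -> {decide(ORIGINAL, incoming)}")
```

In the claimed method, "allow" corresponds to performing the write and deleting the backup copy, and "block" to dropping the client connection and restoring the backup.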
