×

Anti-ransomware systems and methods using a sinkhole at an electronic device

  • US 10,685,116 B2
  • Filed: 02/23/2018
  • Issued: 06/16/2020
  • Est. Priority Date: 02/23/2018
  • Status: Active Grant
First Claim
Patent Images

1. A malware scanner to scan computer files, the malware scanner comprising:

  • at least one storage device; and

    at least one processor, wherein the at least one processor is to implement;

    a sinkhole generator to generate a sinkhole directory,wherein the sinkhole directory is to recursively expand when a computer file performs a file listing of the sinkhole directory to occupy the computer file by extending a period of time taken to perform the file listing of the sinkhole directory, andwherein the sinkhole generator is to generate the sinkhole directory to include a canary file to be processed and to include a recursive junction to point back to the sinkhole directory, the recursive junction to include a plurality of recursive file system mount points to recursively direct a process associated with the computer file to process the canary file;

    an analyzer to monitor execution of the computer file while the computer file is performing the file listing of the sinkhole directory to attempt to identify an indicator of compromise associated with the computer file, the analyzer to classify the computer file as ransomware when the analyzer identifies the indicator of compromise; and

    a cleaner to remediate the ransomware,wherein the sinkhole generator, the analyzer, and the cleaner are implemented using software and executed by the at least one processor.

View all claims
  • 4 Assignments
Timeline View
Assignment View
    ×
    ×