SYSTEM AND A METHOD FOR IDENTIFYING THE PRESENCE OF MALWARE AND RANSOMWARE USING MINI-TRAPS SET AT NETWORK ENDPOINTS
Abstract
A system and a method for identifying the presence of ransomware on a network including a plurality of resources, and for trapping the ransomware therein.
18 Claims
1. A system for identifying the presence of malware on a network, comprising:
- a plurality of resources, interconnected to form a network;
- at least one decoy drive;
- at least one mini-trap installed on at least one of said plurality of resources and functionally associated with at one of said at least one decoy drive, said at least one mini-trap comprising deceptive information directing ransomware accessing said at least one mini-trap to said decoy drive associated therewith; and
- a manager node forming part of said network and configured to manage placement of said at least one mini-trap on said at least one of said plurality of resources and association between said at least one mini-trap and said decoy drive associated therewith.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method for identifying the presence of ransomware on a network including a plurality of resources, the method comprising:
- providing at least one decoy drive including a plurality of decoy files;
- installing at least one mini-trap on at least one of said plurality of resources, said at least one mini-trap comprising deceptive information directing ransomware accessing said at least one mini-trap to a specific one of said at least one decoy drive associated therewith; and
- detecting said ransomware encrypting decoy files in said at least one decoy drive, thereby to identify the presence of said ransomware on said at least one of said plurality of resources where said at least one mini-trap is installed.
Dependent claims: 10, 11, 12, 13
14. A system for identifying the presence of malware on a network, comprising:
- a plurality of resources, interconnected to form a network;
- at least one decoy drive mounted onto at least one of said plurality of resources; and
- a manager node forming part of said network and configured to manage placement of said at least one mini-trap on said at least one of said plurality of resources and association between said at least one mini-trap and said decoy drive associated therewith,
wherein, when ransomware accesses said at least one decoy drive and encrypts at least one decoy file thereon, said decoy drive continuously provides to said ransomware additional decoy files for encryption, thereby continuously occupying said ransomware.
Dependent claims: 15, 16, 17, 18
Specification