Ransomware processing method and system

A processing method and software technology, applied in the field of information security, that can solve problems such as incomplete clearing, long processing time and occupation, and that achieves the effect of preventing further infringement and narrowing the scope of judgment.

Inactive Publication Date: 2017-03-15
福建平实科技有限公司

AI Technical Summary

Problems solved by technology

Even with high-precision detection technology, removing ransomware by deleting files still has two disadvantages: 1. All malware changes registry data to achieve various malicious operations (such as self-starting), so simply deleting files leaves junk data written by the ransomware in the registry; 2. If the ransomware has already been run (or has been injected into some key system processes to run), forcibly deleting the ransomware file causes some processes that need to read the original file to crash, which leads to system instability and even a blue screen.
Therefore, using windows system restore to remove ransomware has the following disa


Examples


Embodiment 1

[0030] Figure 1 is a schematic flow chart of an optional processing method for ransomware in Embodiment 1 of the present invention.

[0031] As shown in Figure 1, a processing method against ransomware includes:

[0032] Step S100: constructing a backup database, wherein the backup database includes at least one restoration point and restoration data corresponding to each restoration point, and the restoration data includes registry data and disk file data.

[0033] Specifically, the registry data in the restoration data may be data in key parts of the registry, including data in the self-starting information part and other registry data that may be changed by ransomware.

[0034] Specifically, the disk file data may be hash values of file paths and file contents of all files in the disk.

[0035] Preferably, if the registry data recorded in the backup database is only the data of key parts in the registry and the hash values of the file paths of al...

Embodiment 2

[0058] Figure 3 is a schematic structural diagram of an optional processing system for ransomware in Embodiment 2 of the present invention.

[0059] In combination with the above method, the present invention also proposes the processing system against ransomware shown in Figure 3, which includes a backup database building module, a receiving module, a calling module, a difference comparison module, a locking module and a registry restoring module.

[0060] Wherein, the backup database construction module is used to construct the backup database, wherein the backup database includes at least one restoration point and restoration data corresponding to each restoration point, and the restoration data includes registry data and disk file data.

[0061] The receiving module is used for receiving a processing request.

[0062] The calling module is used for selecting a restore point from the backup database according to the processing request, and calling the disk file data corresponding...


Abstract

The invention relates to a ransomware processing method and system. The method comprises the following steps: building a backup database, wherein the backup database comprises at least one restore point and restore data corresponding to each restore point, and the restore data comprises registry data and disk file data; receiving a processing request; selecting one restore point from the backup database according to the processing request, and invoking the disk file data corresponding to the restore point; traversing the disk, and determining whether the disk has a newly added file according to the disk file data corresponding to the restore point; if the disk has a newly added file, adding a locked-at-startup attribute to the newly added file, and restoring the disk according to the registry data corresponding to the restore point. The method and system can narrow the scope within which ransomware has to be identified among all files, can effectively lock the ransomware so as to prevent it from causing further damage, and can at the same time restore the disk to normal.
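The steps in the abstract, as an added Python example that is not code from the patent. Assumptions: the registry is modelled as a plain dictionary, SHA-256 stands in for the unspecified hash, all function names are hypothetical, and the locking mechanism itself is not implemented because the page does not describe it (the code only returns the list of files to lock). The check for files modified in place goes beyond what the abstract states.

```python
import hashlib
import os
import tempfile

def snapshot_files(root):
    """Disk file data for a restore point: {relative path: SHA-256 of content}."""
    data = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                data[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return data

def build_restore_point(root, registry):
    """Step S100: store registry data and disk file data together."""
    return {"files": snapshot_files(root), "registry": dict(registry)}

def process_request(root, registry_now, point):
    """Traverse the disk, list new files to lock, and compute the registry restore."""
    current, baseline = snapshot_files(root), point["files"]
    new_files = sorted(p for p in current if p not in baseline)
    # Beyond the abstract: content hashes also expose files modified in place.
    modified = sorted(p for p in current if p in baseline and current[p] != baseline[p])
    # Registry values absent from the restore point are dropped by the restore.
    dropped = sorted(k for k in registry_now if k not in point["registry"])
    return {"lock": new_files, "modified": modified,
            "registry": dict(point["registry"]), "registry_dropped": dropped}

def write(root, name, content):
    with open(os.path.join(root, name), "wb") as fh:
        fh.write(content)

def demo():
    """Constructed scenario: one file rewritten, one file added, one Run value added."""
    run = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
    with tempfile.TemporaryDirectory() as root:
        write(root, "report.txt", b"quarterly numbers")
        registry = {run + r"\Updater": r"C:\App\updater.exe"}  # constructed value
        point = build_restore_point(root, registry)
        write(root, "report.txt", b"\x8f\x02 constructed ciphertext")
        write(root, "unknown.exe", b"constructed placeholder bytes")
        registry_now = {**registry, run + r"\Helper": r"C:\Temp\unknown.exe"}
        return process_request(root, registry_now, point)

if __name__ == "__main__":
    print(demo())
```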

Description

Technical field

[0001] The present invention relates to the field of information security, in particular to a processing method and system for ransomware.

Background technique

[0002] Ransomware is a type of malicious software used by hackers to hijack user assets or resources and to extort money from users on that basis. Ransomware usually encrypts documents, emails, databases, source code, pictures, compressed files and other files on the user's system in some form to make them unusable, or reduces the availability of the system by modifying system configuration files and otherwise interfering with its normal use. It then sends a blackmail notice to the user through a pop-up window, dialog box or text file, requiring the user to remit money to a designated account to obtain the password for decrypting the files or a method to restore the normal operation of the system.

[0003] At present, there are several known methods that can lead to th...


Application Information

IPC(8): G06F21/55, G06F21/56
CPC: G06F21/552, G06F21/562, G06F21/568, G06F2221/034
Inventor 倪茂志
Owner 福建平实科技有限公司