Ransomware detection method and system

A ransomware detection method and system, applied in the field of information security, addresses the problems that existing protections cannot keep files from being tampered with by malicious programs, that encrypted data cannot be decrypted, and that the normal operation of legitimate programs on files cannot be guaranteed.

Inactive Publication Date: 2017-06-13
HARBIN ANTIY TECH

AI Technical Summary

Problems solved by technology

To some extent, even if the user pays the ransom to the malicious code author, the data may not be decrypted. This is a catastrophic event for enterprises and departments with important resources: once a medical department, bank or government department is attacked by ransomware, all of its business systems are paralyzed and the loss is immeasurable.
[0003] At present, mainstream antivirus software has a file protection function that can ensure files are not maliciously tampered with, but this approach may also interfere with the operation of normal software on those files. Even though a whitelist mechanism can guarantee normal access for some software, it cannot cover every action that legitimate programs perform on files.
At the same time, whitelist technology cannot guarantee that files will not be tampered with by malicious programs, so it is not suitable for defending against ransomware: many ransomware variants launch their attack by injecting into whitelisted processes such as explorer or svchost.




Embodiment Construction

[0029] The present invention provides an embodiment of a ransomware detection method and system. In order to enable those skilled in the art to better understand the technical solutions in the embodiments of the present invention, and to make the above-mentioned purposes, features and advantages of the present invention more obvious and easy to understand, the technical solution of the present invention is described in further detail below in conjunction with the accompanying drawings:

[0030] The present invention first provides an embodiment of a ransomware detection method, as shown in figure 1, including:

[0031] S101: If a process is modifying a file, suspend the process, back up the file to a readable area, and release the process after the backup is completed. The purpose is to prepare for a subsequent file recovery operation, thereby reducing the user's losses.

[0032] S102: Compare the entropy values of the modified ...



Abstract

The invention discloses a ransomware detection method and system. The method comprises the steps of: if a process is modifying a file, suspending the process and backing up the file to a readable region, and releasing the process after the backup is finished; comparing the entropy values of the modified file and the backed-up file, and judging whether the current process performs an encryption operation on the file; if an encryption operation exists, collecting all the encrypted files and judging whether the proportion of files with the same file extension exceeds a preset value; if yes, continuing to judge whether the file names of the files with the same extension are consistent in length and share part of the same character string; and if yes, judging that this is suspected ransomware. According to the technical scheme, ransomware can be effectively identified, the false alarm rate is reduced, and the operation of normal software on files is not affected.
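The decision chain in the abstract (entropy comparison, same-extension proportion, then file-name length and shared-substring checks) is easy to reason about once written out. The following is an added illustration in Python and is not code from the patent or from Harbin Antiy; it consumes (path, backup, modified) tuples that step S101 would have produced, so the file-system interception itself is out of scope. All thresholds (7.0 bits/byte, a 1.0-bit entropy rise, 80% same extension, 3 shared characters) and the sample files are assumptions constructed for the example; the patent leaves its "preset value" unspecified.

```python
"""Added example of the abstract's ransomware heuristic (not the patent's code).
Thresholds and sample data are assumptions made for illustration."""
import math
import os
import random
from collections import Counter

MIN_ENTROPY = 7.0          # assumed: bits/byte typical of ciphertext or compressed data
MIN_ENTROPY_DELTA = 1.0    # assumed: required rise from backed-up original to modified file
EXT_RATIO_THRESHOLD = 0.8  # assumed stand-in for the patent's "preset value"
MIN_COMMON_CHARS = 3       # assumed: minimum character string shared by all names


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(backup: bytes, modified: bytes) -> bool:
    """Step S102: treat the write as encryption when the modified file's entropy is
    ciphertext-like and clearly higher than that of the backed-up original."""
    before, after = shannon_entropy(backup), shannon_entropy(modified)
    return after >= MIN_ENTROPY and after - before >= MIN_ENTROPY_DELTA


def dominant_extension(paths):
    """Most common extension among the paths and its share of the total."""
    counts = Counter(os.path.splitext(p)[1].lower() for p in paths)
    ext, count = counts.most_common(1)[0]
    return ext, count / len(paths)


def longest_common_substring(a: str, b: str) -> str:
    """Classic O(len(a)*len(b)) dynamic-programming longest common substring."""
    best_len, best_end = 0, 0
    prev = [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best_len:
                    best_len, best_end = cur[j], i
        prev = cur
    return a[best_end - best_len:best_end]


def names_share_pattern(paths) -> bool:
    """File names (without extension) all have the same length and share a string."""
    stems = [os.path.splitext(os.path.basename(p))[0] for p in paths]
    if len({len(s) for s in stems}) != 1:
        return False
    common = stems[0]
    for s in stems[1:]:
        common = longest_common_substring(common, s)
        if len(common) < MIN_COMMON_CHARS:
            return False
    return True


def assess_process(changes) -> str:
    """changes: list of (path, backup_bytes, modified_bytes) written by one process.
    Returns 'benign', 'encrypting' (high-entropy writes without the ransomware
    naming pattern, e.g. an archiver) or 'suspected_ransomware'."""
    encrypted = [p for p, backup, modified in changes if looks_encrypted(backup, modified)]
    if not encrypted:
        return "benign"
    ext, ratio = dominant_extension(encrypted)
    if ratio < EXT_RATIO_THRESHOLD:
        return "encrypting"
    same_ext = [p for p in encrypted if os.path.splitext(p)[1].lower() == ext]
    if not names_share_pattern(same_ext):
        return "encrypting"
    return "suspected_ransomware"


# --- constructed sample data: deterministic pseudo-random bytes stand in for ciphertext ---
_rng = random.Random(20170613)


def _ciphertext_like(n: int = 2048) -> bytes:
    return bytes(_rng.getrandbits(8) for _ in range(n))


PLAINTEXT = b"Quarterly report: revenue up 3%, costs flat.\n" * 64

# Five files rewritten as ciphertext with a uniform renamed pattern, plus one benign edit.
RANSOMWARE_CHANGES = [
    (f"C:/Users/alice/Documents/LOCKED_{i:04d}.enc", PLAINTEXT, _ciphertext_like())
    for i in range(1, 6)
] + [("C:/Users/alice/Documents/notes.txt", PLAINTEXT, PLAINTEXT + b"todo\n")]

# A text editor appending to a document: entropy barely moves.
EDITOR_CHANGES = [("C:/Users/alice/Documents/report.txt", PLAINTEXT, PLAINTEXT + b"Appendix A\n")]

# An archiver producing two high-entropy outputs with different extensions.
ARCHIVER_CHANGES = [
    ("C:/Users/alice/Backups/monday.zip", PLAINTEXT, _ciphertext_like()),
    ("C:/Users/alice/Backups/photos.7z", PLAINTEXT, _ciphertext_like()),
]

if __name__ == "__main__":
    for label, changes in (("ransomware", RANSOMWARE_CHANGES),
                           ("editor", EDITOR_CHANGES),
                           ("archiver", ARCHIVER_CHANGES)):
        print(f"{label}: {assess_process(changes)}")
```

The archiver case is why the extension and naming checks matter: entropy alone would flag any compressor or legitimate encryption tool, while the combined chain reports only the process whose outputs share one extension and a uniform name pattern.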

Description

Technical field

[0001] The invention relates to the technical field of information security, in particular to a detection method and system for ransomware.

Background technique

[0002] Ransomware has been a widespread virus in the past two years; in 2016 in particular, ransomware in China exploded. Once ransomware infects a system, it encrypts document files, picture files, text files, etc. on the computer's disk. After the encryption succeeds, it notifies the user through web page files, TXT files, screen-saver pictures, etc. that the ransom must be paid within a certain period of time before the means of decryption will be provided. Ransomware authors use very complex random asymmetric encryption to encrypt user data, and only the malicious code authors can decrypt it. To some extent, even if the user pays the ransom to the malicious code author, the data may not be decrypted. This is a catastrophic event for enterprises and departments with important resources, suc...


Application Information

Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/56
CPC G06F21/566, G06F21/568, G06F2221/033
Inventor 张慧云
Owner HARBIN ANTIY TECH