Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Ransomware defense method and device

A technology of software and software encryption, which is applied in the field of information security, can solve the problems of no solution proposed, the inability to detect unknown ransomware, and the inability to prevent it, so as to achieve the effect of defending against ransomware

Inactive Publication Date: 2017-07-14
福建平实科技有限公司
View PDF6 Cites 16 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0003] The defense scheme for ransomware in the prior art is mainly to discover known ransomware by means of antivirus engine scanning features; Use the samples in the virus database to compare all the programs or files in the machine to see if they match these samples. If it is, it is a virus, otherwise it is not necessarily a virus (because there are still many that have not been discovered or have just been detected. generated virus), but since the virus library of the antivirus engine is known and the collected samples are generated by extracting features, it is impossible to prevent unknown samples that have not been collected, and the scheme based on this principle cannot detect Unknown ransomware; and because the virus database is obtained based on the binary data extraction characteristics of the sample, and the antivirus engine judges whether an unknown file is a virus (ransomware) based on the matching degree of this characteristic, therefore, even known Sample, as long as the binary data judged by the antivirus engine as a feature is changed, the antivirus engine will not be able to detect it, so the defense scheme for ransomware in the prior art has the disadvantage that it cannot be detected even for known viruses and ransomware (as long as If the feature code is changed)
[0004] For the problem that the existing defense schemes against ransomware in the above-mentioned prior art are not enough to deal with known or unknown ransomware, no effective solution has been proposed yet

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Ransomware defense method and device
  • Ransomware defense method and device

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0015] According to an embodiment of the present invention, a method embodiment of a ransomware defense method is provided. It should be noted that the steps shown in the flow chart of the accompanying drawings can be executed in a computer system such as a set of computer-executable instructions, and , although a logical order is shown in the flowcharts, in some cases the steps shown or described may be performed in an order different from that shown or described herein.

[0016] figure 1 is a ransomware defense method according to an embodiment of the present invention, such as figure 1 As shown, the method includes the following steps:

[0017] Step S102, constructing at least one trap folder conforming to the encryption type of ransomware in the disk.

[0018] Specifically, the suffix or file format of the files in the trap folder constructed to meet the encryption type of ransomware, including but not limited to the following types:

[0019]1cd,dbf,dt,cf,cfu,mxl,epf,kd...

Embodiment 2

[0059] According to an embodiment of the present invention, a product embodiment of a ransomware defense device is provided, figure 2 is a ransomware defense device according to an embodiment of the present invention, such as figure 2 As shown, the device includes a construction module, a determination module and a processing module, wherein the construction module is used to construct at least one trap folder conforming to the encryption type of ransomware in the disk; the determination module is used to determine whether the trap folder changes , wherein the change includes at least one of the following: modifying, deleting, renaming the trap folder, and adding new files to the trap folder; the processing module is used to prohibit the execution of presets on the disk when the trap folder changes operate.

[0060] It should be noted here that the above construction modules, determination modules and processing modules correspond to steps S102 to S106 in Embodiment 1, and th...

Embodiment 3

[0073] According to an embodiment of the present invention, a storage medium is provided, the storage medium includes a stored program, wherein when the program is running, the device where the storage medium is located is controlled to execute the ransomware defense method described above.

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a ransomware defense method and device. The method comprises the following steps: creating at least one trap folder fitting ransomware encryption type in a magnetic disc; determining whether the trap folder changes, wherein the change includes at least one of the followings: modifying, deleting and renaming the trap folder, and adding a new file into the trap folder; and inhibiting to performing default operation on the magnetic disc in case that the trap folder changes. With the adoption of the ransomware defense method and device, the technical problem that an existing ransomware defense scheme in the prior art is too weak to defense known or unknown ransomware can be solved.

Description

technical field [0001] The present invention relates to the field of information security, in particular to a ransomware defense method and device. Background technique [0002] Ransomware is a type of malicious software used by hackers to hijack user assets or resources and extort money from users on the condition of this. Ransomware usually encrypts documents, emails, databases, source codes, pictures, compressed files and other files on the user's system in some form to make them unusable, or interferes with the normal use of users by modifying system configuration files. The systematic method reduces the availability of the system, and then sends a blackmail notice to the user through pop-up windows, dialog boxes, or text files, requiring the user to transfer money to the designated account to obtain the password for decrypting the file or obtain the method to restore the normal operation of the system. [0003] The defense scheme for ransomware in the prior art is main...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
IPC IPC(8): G06F21/56
CPCG06F21/56G06F21/568
Inventor 倪茂志
Owner 福建平实科技有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com