The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

H04L 63/1491 (2013.01); G06F 21/554 (2013.01); G06N 20/00 (2019.01); H04L 63/0245 (2013.01); H04L 63/1416 (2013.01); H04L 63/1433 (2013.01); H04L 67/1097 (2013.01);

Abstract

A system and method is provided for detecting ransomware and malicious programs. An exemplary method comprises generating, by a hardware processor, a file honeypot in a directory in a filesystem, wherein the file honeypot is included on a file list of contents of the directory, receiving a directory enumeration request from a process executing in an operating system environment, determining whether the process is identified in a list of trusted processes based on one or more of a certificate, fingerprint, name, and process identifier, when the process is not found in the list of trusted processes, providing, by the filesystem, the file list including the file honeypot to the process responsive to receiving the directory enumeration request and otherwise, providing the file list excluding the file honeypot to the process, intercepting, by a filesystem filter driver, a file modification request for the file honeypot from the process when the file honeypot is included in the file list and identifying the process as a suspicious object responsive to intercepting the file modification request from the process.

Find Patent Forward Citations