The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf).
Patent No.:
Date of Patent: May 13, 2025
Filed: Apr. 24, 2022
Applicant: Microsoft Technology Licensing, LLC, Redmond, WA (US);
Inventors:
Arie Agranonik, Herzliya, IL;
Shay Kels, Givatayim, IL;
Amir Rubin, Vancouver, CA;
Charles Edouard Elie Bettan, Tel Aviv, IL;
Yair Tsarfaty, Nahariya, IL;
Itai Kollmann Dekel, Herzliya, IL;
Assignee: Microsoft Technology Licensing, LLC, Redmond, WA (US);
Abstract
Some embodiments help protect an organization against ransomware attacks by combining incrimination logics. An organizational-level incrimination logic helps detect alert spikes across many machines, which collectively indicate an attack. Graph-based incrimination logics help detect infestations of even a few machines, and local incrimination logics focus on protecting respective individual machines. Graph-based incrimination logics may compare monitored system graphs to known ransomware attack graphs. Graphs may have devices as nodes and device network connectivity, repeated files, repeated processes or actions, or other connections as edges. Statistical analyses and machine learning models may be employed as incrimination logics. Search logics may find additional incrimination candidates that would otherwise evade detection, based on files, processes, IP addresses, devices, accounts, or other computational entities previously incriminated. Incrimination engine results are forwarded to endpoint protection systems, intrusion protection systems, authentication controls, or other intervention mechanisms to enhance monitored system security.