RANSOMWARE INFECTION DETECTION IN FILESYSTEMS

    Publication No.: US20200034537A1

    Publication date: 2020-01-30

    Application No.: US16049574

    Filing date: 2018-07-30

    Applicant: Rubrik, Inc.

    Abstract: Described herein is a system that detects ransomware infection in filesystems. The system detects ransomware infection by using backup data of machines. The system detects ransomware infection in two stages. In the first stage, the system analyzes a filesystem's behavior. The filesystem's behavior can be obtained by loading the backup data and crawling the filesystem to create filesystem metadata including information about file operations during a time interval. The filesystem determines a pattern of the file operations and compares the pattern to a normal pattern to analyze the filesystem's behavior. If the filesystem's behavior is abnormal, the system proceeds to the second stage to analyze the content of the files to look for signs of encryption in the filesystem. The system combines the analysis of both stages to determine whether the filesystem is infected by ransomware.

    Ransomware infection detection in filesystems

    Publication No.: US11120131B2

    Publication date: 2021-09-14

    Application No.: US16049574

    Filing date: 2018-07-30

    Applicant: Rubrik, Inc.

    Abstract: Described herein is a system that detects ransomware infection in filesystems. The system detects ransomware infection by using backup data of machines. The system detects ransomware infection in two stages. In the first stage, the system analyzes a filesystem's behavior. The filesystem's behavior can be obtained by loading the backup data and crawling the filesystem to create filesystem metadata including information about file operations during a time interval. The filesystem determines a pattern of the file operations and compares the pattern to a normal pattern to analyze the filesystem's behavior. If the filesystem's behavior is abnormal, the system proceeds to the second stage to analyze the content of the files to look for signs of encryption in the filesystem. The system combines the analysis of both stages to determine whether the filesystem is infected by ransomware.

    RANSOMWARE INFECTION DETECTION IN FILESYSTEMS

    Publication No.: US20230409713A1

    Publication date: 2023-12-21

    Application No.: US18458466

    Filing date: 2023-08-30

    Applicant: Rubrik, Inc.

    Abstract: Described herein is a system that detects ransomware infection in filesystems. The system detects ransomware infection by using backup data of machines. The system detects ransomware infection in two stages. In the first stage, the system analyzes a filesystem's behavior. The filesystem's behavior can be obtained by loading the backup data and crawling the filesystem to create filesystem metadata including information about file operations during a time interval. The filesystem determines a pattern of the file operations and compares the pattern to a normal pattern to analyze the filesystem's behavior. If the filesystem's behavior is abnormal, the system proceeds to the second stage to analyze the content of the files to look for signs of encryption in the filesystem. The system combines the analysis of both stages to determine whether the filesystem is infected by ransomware.

    Ransomware infection detection in filesystems

    Publication No.: US11783036B2

    Publication date: 2023-10-10

    Application No.: US17370203

    Filing date: 2021-07-08

    Applicant: Rubrik, Inc.

    Abstract: Described herein is a system that detects ransomware infection in filesystems. The system detects ransomware infection by using backup data of machines. The system detects ransomware infection in two stages. In the first stage, the system analyzes a filesystem's behavior. The filesystem's behavior can be obtained by loading the backup data and crawling the filesystem to create filesystem metadata including information about file operations during a time interval. The filesystem determines a pattern of the file operations and compares the pattern to a normal pattern to analyze the filesystem's behavior. If the filesystem's behavior is abnormal, the system proceeds to the second stage to analyze the content of the files to look for signs of encryption in the filesystem. The system combines the analysis of both stages to determine whether the filesystem is infected by ransomware.
