US 11,943,247 B2
Systems and methods for detection and mitigation of malicious encryption
Daniel Vernon Bailey, Menlo Park, CA (US)
Assigned to OPEN TEXT INC., Menlo Park, CA (US)
Filed by OPEN TEXT INC., Menlo Park, CA (US)
Filed on Nov. 7, 2022, as Appl. No. 17/982,257.
Application 17/982,257 is a continuation of application No. 16/839,377, filed on Apr. 3, 2020, granted, now 11,516,236.
Application 16/839,377 is a continuation of application No. 15/727,463, filed on Oct. 6, 2017, granted, now 10,637,879, issued on Apr. 28, 2020.
Prior Publication US 2023/0084558 A1, Mar. 16, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G06F 21/55 (2013.01); H04L 9/14 (2006.01)
CPC H04L 63/1425 (2013.01) [G06F 21/554 (2013.01); H04L 9/14 (2013.01); H04L 63/0428 (2013.01); H04L 63/1416 (2013.01); H04L 63/1466 (2013.01)]
20 Claims

1. A method for detecting and mitigating malicious encryption, comprising:
    detecting, by a security agent executed by a computing device, a write operation for a first item of data;
    detecting, by the security agent, an encryption key in the first item of data based on the application of one or more tests to the first item of data, wherein the plurality of tests includes:
        attempting to decode, by the security agent, the first item of data and analyzing the decoded data for the presence of predetermined strings or formats associated with an encryption key, and
        determining if a numeric representation of the first item of data is a composite number and analyzing, by the security agent, the first item of data by attempting at least a partial factorization of the numeric representation; and
    responsive to detecting an encryption key in the first item of data based on the application of the one or more tests:
        generating an alert, by the security agent, indicating a likely malicious encryption attempt, and
        taking, by the security agent, one or more actions to mitigate the malicious encryption attempt.
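
The two tests recited in claim 1, applied to one written item of data, as an added Python example that is not code from the patent or from the assignee. The marker list, the 512-bit minimum, the trial-division bound of 10,000, the Fermat check and the reading "composite with no small factor means modulus-like" are all assumptions of this example.

```python
import base64

# Assumed marker set: PEM armor lines, the DER-encoded rsaEncryption OID
# (1.2.840.113549.1.1.1) and the Microsoft RSA key-blob magics.
MARKERS = (b"-----BEGIN PUBLIC KEY-----", b"-----BEGIN RSA PUBLIC KEY-----",
           b"-----BEGIN RSA PRIVATE KEY-----", b"-----BEGIN PRIVATE KEY-----",
           bytes.fromhex("06092a864886f70d010101"), b"RSA1", b"RSA2")
# Odd primes below the assumed partial-factorization bound.
SMALL_PRIMES = [p for p in range(3, 10000, 2)
                if all(p % d for d in range(3, int(p ** 0.5) + 1, 2))]
# Constructed sample: a product of two Mersenne primes stands in for a modulus.
SAMPLE_N = (2**521 - 1) * (2**607 - 1)

def decodings(data: bytes):
    """Yield the raw bytes plus every strict base64/hex decoding that succeeds."""
    yield data
    for decode in (lambda d: base64.b64decode(d, validate=True),
                   lambda d: bytes.fromhex(d.decode("ascii"))):
        try:
            yield decode(data.strip())
        except ValueError:      # covers binascii.Error and UnicodeDecodeError
            pass

def has_key_marker(data: bytes) -> bool:
    """First test: predetermined strings or formats in the decoded data."""
    return any(m in blob for blob in decodings(data) for m in MARKERS)

def looks_like_rsa_modulus(n: int, min_bits: int = 512) -> bool:
    """Second test: composite, yet partial factorization finds no factor."""
    if n.bit_length() < min_bits or n % 2 == 0:
        return False
    if any(n % p == 0 for p in SMALL_PRIMES):
        return False            # a small factor is typical of arbitrary data
    # Fermat test: a**(n-1) % n != 1 proves that n is composite.
    return any(pow(a, n - 1, n) != 1 for a in (2, 3, 5, 7))

def contains_key(data: bytes) -> bool:
    """Apply both tests to one written item; True means raise the alert."""
    if has_key_marker(data):
        return True
    return any(looks_like_rsa_modulus(int.from_bytes(blob, "big"))
               for blob in decodings(data))
```

Arbitrary odd data also passes the numeric test fairly often, so an agent would weigh it together with other signals rather than alert on it alone.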