US 11,720,678 B2
Systems and methods for ransomware detection and mitigation
Dennis Underwood, Oakmont, PA (US); Kyle Nehman, Hillsboro, MD (US); Noah Greenberg, Venetia, PA (US); and Mark Weideman, Gibsonia, PA (US)
Assigned to Cyber Crucible, Pittsburgh, PA (US)
Filed by Cyber Crucible Inc., Severna Park, MD (US)
Filed on Jul. 21, 2020, as Appl. No. 16/934,997.
Claims priority of provisional application 62/877,748, filed on Jul. 23, 2019.
Prior Publication US 2021/0026961 A1, Jan. 28, 2021
Int. Cl. G06F 21/56 (2013.01); G06F 16/22 (2019.01)
CPC G06F 21/566 (2013.01) [G06F 16/2246 (2019.01); G06F 2221/034 (2013.01)]
20 Claims
1. A method for protecting a computing device of a target system against ransomware attacks, wherein the computing device employs a file system having a data structure used by an operating system of the computing device for accessing files based on file paths, wherein operating system uses a filing system implemented in a storage having a directory that contains a list of file names and other information related to the files, including the file paths, the method comprising the steps of:
a. installing an agent in the computing device, wherein the agent is a software or a hardware that performs one or more actions autonomously on behalf of the target system, including specifying one or more saved file paths in the storage device to one or more trap files each having a trap file name in the directory, wherein a trap file is a file access to which indicates a probability of ransomware attack;
b. monitoring access to the one or more trap files to detect the probability of ransomware attack;
c. upon detecting access to a trap file, performing a remedial action against the probability of ransomware attack.
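Steps a to c of claim 1, sketched as an added example; this is not code from the patent or from Cyber Crucible. The trap file names, the polling approach and the `record_action` callback are assumptions, and hash polling only notices a trap being changed or removed, which is narrower than the "access" the claim recites (read-only access needs OS-level file-access auditing).

```python
import hashlib
import os
import tempfile
from pathlib import Path

def fingerprint(path):
    """SHA-256 of the file's content, or None if the path no longer exists."""
    try:
        return hashlib.sha256(Path(path).read_bytes()).hexdigest()
    except FileNotFoundError:
        return None

def plant_traps(directory, names):
    """Step a: create trap files and save each path with a content baseline."""
    baseline = {}
    for name in names:
        path = Path(directory) / name
        path.write_bytes(os.urandom(256))  # filler content nobody should touch
        baseline[str(path)] = fingerprint(path)
    return baseline

def check_traps(baseline):
    """Step b: compare every saved trap path against its baseline."""
    alerts = []
    for path, expected in baseline.items():
        current = fingerprint(path)
        if current is None:
            alerts.append((path, "missing"))    # deleted or renamed
        elif current != expected:
            alerts.append((path, "modified"))   # content rewritten in place
    return alerts

def respond(alerts, action):
    """Step c: run the remedial action once per tripped trap."""
    return [action(path, reason) for path, reason in alerts]

def demo():
    """Constructed scenario: one trap overwritten, one renamed."""
    with tempfile.TemporaryDirectory() as d:
        baseline = plant_traps(d, ["000_budget.xlsx", "zzz_archive.docx"])  # constructed names
        clean = check_traps(baseline)
        first, second = list(baseline)
        Path(first).write_bytes(b"x" * 256)   # simulated bulk rewrite
        os.rename(second, second + ".bak")    # simulated rename
        alerts = check_traps(baseline)
        # Hypothetical remedial action: only records what would be done.
        record_action = lambda p, r: f"alert:{r}:{os.path.basename(p)}"
        return clean, alerts, respond(alerts, record_action)

if __name__ == "__main__":
    print(demo())
```
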