US 12,229,261 B1
Antiransomware file analysis and scoring
Robert Bushner, Homeland, CA (US); Alejandro Espinoza, San Marcos, CA (US); Srinivasa Kanamatha, Portland, OR (US); Kristen Lamb, Austin, TX (US); Thanh Le, Carlsbad, CA (US); Seagen Levites, Oregon City, OR (US); Clark Lindsey, Loudon, TN (US); Jorge Medina, Taby (SE); Jonathan Miller, Poway, CA (US); Ryan Smith, Austin, TX (US); Vu Ta, Fellbach (DE); and Kyle West, Austin, TX (US)
Assigned to Halcyon Tech, Inc., Austin, TX (US)
Filed by Halcyon Tech, Inc., Austin, TX (US)
Filed on May 3, 2024, as Appl. No. 18/655,095.
Int. Cl. G06F 21/56 (2013.01)
CPC G06F 21/565 (2013.01) [G06F 2221/034 (2013.01)]
25 Claims
20. A method comprising:
receiving a query requesting a score for a file stored by a file management system;
determining a tenant identification (ID) for the query;
querying a judge database associated with the tenant ID for the score; and
returning the score to the endpoint;
wherein:
there are a plurality of judges each having an associated judge database, each of the judges being executed by a judgment engine;
an analysis engine generates information characterizing each file which is indicative of a level of trustworthiness, the generated information comprising one or more of attributes indicative of the file comprising ransomware, at least one of the attributes indicating one or more of whether the corresponding file is packed, whether the corresponding file is signed, or whether the corresponding file contains code causing files to be uploaded;
each of a plurality of judges are notified to commence or revisit a judging process based on the generated analysis information;
each of the judges retrieve the analysis information in response to the notifying;
each of the judges comprising or executing a corresponding machine learning model to determine a respective trustworthiness score for each file based on the analysis information; and
storing the trustworthiness scores in the corresponding judge database.
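
The flow recited in claim 20, sketched as an added example; this is not code from the patent or from Halcyon. Assumptions: one judge per tenant, fixed weights standing in for each judge's machine learning model, the tenant ID resolved from an API key, and every class, function and field name here is hypothetical.

```python
from dataclasses import dataclass, field

ANALYSIS = {}  # file_id -> attributes written by the analysis engine (constructed store)

@dataclass
class Judge:
    """One judge with its own score database (hypothetical layout)."""
    tenant_id: str
    weights: dict  # fixed weights: a stand-in for the claim's ML model
    db: dict = field(default_factory=dict)  # file_id -> trustworthiness score

    def notify(self, file_id):
        # On notification the judge retrieves the analysis information itself,
        # scores the file, and stores the result in its own database.
        attrs = ANALYSIS[file_id]
        penalty = sum(w for name, w in self.weights.items() if attrs[name])
        self.db[file_id] = max(0.0, round(1.0 - penalty, 2))

class JudgmentEngine:
    def __init__(self, judges, api_keys):
        self.judges = {j.tenant_id: j for j in judges}
        self.api_keys = api_keys  # credential -> tenant ID (assumed mapping)

    def analyze(self, file_id, packed, signed, uploads_files):
        # The three attributes named in the claim: packed, signed, uploads files.
        ANALYSIS[file_id] = {"packed": packed, "unsigned": not signed,
                             "uploads_files": uploads_files}
        for judge in self.judges.values():  # commence or revisit judging
            judge.notify(file_id)

    def query_score(self, api_key, file_id):
        # Assumption: the tenant ID is derived from the authenticated credential,
        # never from a caller-supplied field, so one tenant cannot read
        # another tenant's judge database.
        tenant_id = self.api_keys.get(api_key)
        if tenant_id is None:
            raise PermissionError("unknown credential")
        return self.judges[tenant_id].db.get(file_id)  # None means not judged yet

def build_engine():
    # Constructed tenants, weights and keys for illustration only.
    strict = Judge("tenant-a", {"packed": 0.3, "unsigned": 0.3, "uploads_files": 0.4})
    lenient = Judge("tenant-b", {"packed": 0.1, "unsigned": 0.2, "uploads_files": 0.2})
    return JudgmentEngine([strict, lenient], {"key-a": "tenant-a", "key-b": "tenant-b"})
```

Calling `analyze` a second time for the same file models the "revisit" case: each judge overwrites its stored score with one computed from the new analysis information.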