US 11,941,119 B2
Mitigation of ransomware
Craig D. Schmugar, Beaverton, OR (US); Cedric Cochin, Portland, OR (US); Andrew Furtak, Beaverton, OR (US); Adam James Carrivick, Ashland (GB); Yury Bulygin, Beaverton, OR (US); John J. Loucaides, Forest Grove, OR (US); Oleksander Bazhaniuk, Sunnyvale, CA (US); Christiaan Beek, West-Linn, OR (US); Carl D. Woodward, Santa Clara, CA (US); Ronald Gallella, Beaverton, OR (US); Gregory Michael Heitzmann, Beaverton, OR (US); and Joel R. Spurlock, Portland, OR (US)
Assigned to McAfee, LLC, San Jose, CA (US)
Filed by McAfee, LLC, San Jose, CA (US)
Filed on Oct. 6, 2020, as Appl. No. 17/064,319.
Application 17/064,319 is a continuation of application No. 15/210,165, filed on Jul. 14, 2016, granted, now 10,831,893.
Prior Publication US 2021/0019411 A1, Jan. 21, 2021
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/56 (2013.01); G06F 21/55 (2013.01); G06F 21/62 (2013.01)
CPC G06F 21/566 (2013.01) [G06F 21/554 (2013.01); G06F 21/6218 (2013.01); G06F 2221/2141 (2013.01)]
20 Claims
1. At least one non-transitory computer-readable medium comprising one or more instructions that when executed by at least one processor, cause the at least one processor to:
determine that an application on a system begins to execute;
determine that the application accesses and attempts to modify a file on the system;
monitor operations on randomly chosen existing user files;
determine a system entropy value that includes a rate at which random locations of the randomly chosen existing user files are being modified by the application; and
create a security event based on a determination that the system entropy value satisfies a threshold.
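
The following is an added example, not code from the patent or from McAfee: one possible reading of the monitoring steps in claim 1, written as detection logic over a stream of observed file writes. The class and function names, the sliding window, the per-second unit, the threshold of 2.0 and the sample paths and application names are all assumptions made for illustration; in particular, the "system entropy value" is interpreted here as the rate of distinct (file, offset) locations an application modifies in the sampled files.

```python
import random
from collections import defaultdict, deque

class SampledFileMonitor:
    """Scores per-application writes to a random sample of existing user files."""

    def __init__(self, user_files, sample_size, window_s, threshold, seed=None):
        rng = random.Random(seed)
        self.watched = set(rng.sample(sorted(user_files), sample_size))
        self.window_s = window_s
        self.threshold = threshold          # assumed unit: modified locations per second
        self.writes = defaultdict(deque)    # app -> (timestamp, path, offset)

    def entropy_value(self, app, now):
        """Distinct (file, offset) locations the app modified in the window, per second."""
        q = self.writes[app]
        while q and now - q[0][0] > self.window_s:
            q.popleft()                     # drop writes older than the window
        return len({(p, o) for _, p, o in q}) / self.window_s

    def on_write(self, app, path, offset, ts):
        """Record one observed write; return a security event dict or None."""
        if path not in self.watched:
            return None                     # only the sampled files are monitored
        self.writes[app].append((ts, path, offset))
        value = self.entropy_value(app, ts)
        if value >= self.threshold:
            return {"app": app, "time": ts, "entropy_value": value}
        return None

def demo():
    """Constructed workload: one app re-saving a file, one rewriting many files."""
    files = [f"/home/user/docs/file{i}.docx" for i in range(20)]   # constructed paths
    mon = SampledFileMonitor(files, sample_size=10, window_s=10.0, threshold=2.0, seed=1)
    target = sorted(mon.watched)[0]
    editor_events = [e for t in range(30)
                     if (e := mon.on_write("editor.exe", target, 0, float(t)))]
    for i in range(200):                    # sweeps every file at a new offset each round
        ev = mon.on_write("bulkwriter.exe", files[i % 20], (i // 20) * 4096, 100 + i * 0.01)
        if ev:
            return editor_events, ev
    return editor_events, None

if __name__ == "__main__":
    print(demo())
```

An application that repeatedly saves one file at the same offset stays at 0.1 locations per second and raises nothing, while the application that touches many sampled files at new offsets crosses the threshold within its second sweep.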