&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=12086236.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 12,086,236 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>System and method for identifying a cryptor that encodes files of a computer system</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Evgeny I. Lopatin,  Moscow (RU); and  Dmitry A. Kondratyev,  Moscow (RU)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  AO Kaspersky Lab,  Moscow (RU)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  AO Kaspersky Lab,  Moscow (RU)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on May   14, 2021, as Appl. No. 17/320,362.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Claims priority of application No. RU2020128090 (RU), filed on Aug.  24, 2020.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2022/0058261 A1, Feb.  24, 2022</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>G06F 21/56</b></i> (2013.01); <i><b>G06F 18/214</b></i> (2023.01); <i><b>G06F 18/2413</b></i> (2023.01); <i><b>G06F 21/54</b></i> (2013.01); <i><b>G06F 21/55</b></i> (2013.01); <i><b>G06N 20/00</b></i> (2019.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>G06F 21/54</b></i> (2013.01)&#xa0;[<i><b>G06F 18/214</b></i> (2023.01); <i><b>G06F 18/24147</b></i> (2023.01); <i><b>G06F 21/554</b></i> (2013.01); <i><b>G06F 21/565</b></i> (2013.01); <i><b>G06F 21/568</b></i> (2013.01); <i><b>G06N 20/00</b></i> (2019.01)]</td>
            <td class="table_data" align="right"><b>18 Claims</b></td>
          </tr>
        </table>
        <center><img src="US12086236-20240910-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A method for identifying a cryptor that encodes files of a computer system, the method comprising:<div class="claim_text">identifying, by a file processor, one or more files into which a data entry is performed by a suspect process, wherein the identification of the one or more files includes identifying characteristics of each identified file, the characteristics including at least an entropy of at least a part of the file;</div>
                <div class="claim_text">for each identified file, determining, by the file processor, characteristics of the identified file;</div>
                <div class="claim_text">for each identified file, identifying, by an analyzer, classes of file modifications using a trained machine learning model and respective characteristics of the identified file, wherein the classes of file modifications include at least one class for file modifications made by a cryptor and at least one other class for file modifications made by legitimate software, wherein, for each identified file, the trained machine learning model determines a probability of the modification of the file belonging to one of the classes of file modification;</div>
                <div class="claim_text">for each identified file, identifying, by the analyzer, a suspect process as being associated with the cryptor based on the identified classes of file modification of the file;</div>
                <div class="claim_text">protecting the computer system from the cryptor;</div>
                <div class="claim_text">determining, by the analyzer, a number of the one or more files for which the probability of the modifications of the file by the cryptor exceeds a first threshold; and</div>
                <div class="claim_text">when the determined number of the one or more files for which the probability of the modifications of the file exceeds the first threshold is greater than a second threshold, identifying the suspect process as being associated with the cryptor.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>