| CPC G06F 21/53 (2013.01) [G06F 21/552 (2013.01); G06F 21/566 (2013.01); G06F 2221/034 (2013.01)] | 20 Claims |

|
1. A method for protecting a computing system (CS) against ransomware attacks using virtual file honeypots (VFHs) under virtual honeypot driver control, the method comprising: monitoring one or more operations on the CS; determining whether the one or more operations include any operations that are suspicious according to a policy; identifying a potentially malicious actor associated with the one or more operations that are suspicious; calculating a confidence level for the potentially malicious actor identification; collecting behavior information and characteristics of the potentially malicious actor, wherein characteristics include at least one of: a certificate; a hash of a file, a binary file, or a reputation; identifying at least one process or injected thread in a trusted process created by the potentially malicious actor on the CS; when the confidence level is above a predefined threshold, generating VFH security parameters by applying a machine learning module to at least one of: a CS environment information, behavior information of the potentially malicious actor, the characteristics of the potentially malicious actor, or auxiliary information; generating a plurality of VFHs based on the security parameters; providing the at least one process or injected thread in a trusted process with the plurality of VFHs mixed with real system files; and detecting the potentially malicious actor as malware by performing a heuristic analysis.
|
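The flow recited in claim 1, sketched as a user-space simulation; this is an added example, not code from the patent or its assignee. The class `VirtualHoneypotFilter`, the 0.7 threshold, the operation names, the seeded name generator standing in for the machine learning module, and the write-to-decoy heuristic are all assumptions made for illustration.

```python
# Added illustration: user-space simulation, not the patent's driver code.
# All names, thresholds and scoring rules below are assumptions.
import random

THRESHOLD = 0.7                                          # assumed predefined threshold
REAL_FILES = ["budget.xlsx", "notes.txt", "photo.jpg"]   # constructed sample files
SUSPICIOUS = {"rename_ext", "overwrite_high_entropy"}    # assumed policy

def confidence(ops):
    """Toy confidence: share of suspicious operations, once 3+ ops are seen."""
    if len(ops) < 3:
        return 0.0
    return sum(op["kind"] in SUSPICIOUS for op in ops) / len(ops)

def make_vfhs(real_files, count, seed):
    """Stand-in for the ML step: decoy names reuse the extensions in use."""
    rng = random.Random(seed)
    exts = [name.rsplit(".", 1)[1] for name in real_files]
    return [f"~vfh_{i:03d}.{rng.choice(exts)}" for i in range(count)]

class VirtualHoneypotFilter:
    def __init__(self):
        self.ops = {}      # pid -> recorded operations
        self.decoys = {}   # pid -> VFH names shown only to that pid

    def record(self, pid, kind, path):
        self.ops.setdefault(pid, []).append({"kind": kind, "path": path})
        if pid not in self.decoys and confidence(self.ops[pid]) > THRESHOLD:
            self.decoys[pid] = make_vfhs(REAL_FILES, 4, seed=pid)

    def list_dir(self, pid):
        # Only a suspected process sees VFHs mixed with the real files.
        return sorted(REAL_FILES + self.decoys.get(pid, []))

    def is_malware(self, pid):
        # Assumed heuristic: a write to a file that exists only as a VFH.
        decoys = set(self.decoys.get(pid, []))
        return any(op["path"] in decoys and op["kind"] != "read"
                   for op in self.ops.get(pid, []))
```

A process that never crosses the threshold keeps seeing the unmodified listing, so the decoys cost nothing for normal workloads and any write to one is a high-signal event.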