US 12,437,070 B2
Ransomware detection via monitoring open file or process
Ofir Ezrielev, Be'er Sheba (IL); Yeh'iel Zohar, Sderot (IL); Yevgeni Gehtman, Modi'in (IL); Tomer Shachar, Beer-Sheva (IL); and Maxim Balin, Gan-Yavne (IL)
Assigned to Dell Products L.P., Round Rock, TX (US)
Filed by Dell Products L.P., Round Rock, TX (US)
Filed on Apr. 1, 2023, as Appl. No. 18/194,624.
Prior Publication US 2024/0330460 A1, Oct. 3, 2024
Int. Cl. G06F 21/56 (2013.01); H04L 9/40 (2022.01)
CPC G06F 21/566 (2013.01) [G06F 21/562 (2013.01); H04L 63/145 (2013.01)]
18 Claims
 
1. A method comprising:
monitoring a bait file stored in a storage system of a computing system, wherein the bait file is owned by a bait process such that the bait file is locked by a locking process that is not a malware process, wherein the monitoring the bait file includes monitoring the bait process;
detecting an access attempt to the bait file by a process operating in the computing system;
determining that the process attempting to access the locked bait file is a malware process, wherein the access attempt includes an attempt to remove a lock on the bait file or kill the bait process; and
performing a protection operation on the malware process.
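
The steps of claim 1 can be read as detection logic over a stream of process events. The sketch below is an added illustration, not code from the patent or from Dell. The event schema, the bait path, the PIDs and the reading that a plain open is only an alert while an unlock or kill attempt is the malware determination are all assumptions made for the example.

```python
# Added illustration of claim 1 as detection logic. All names, paths and
# PIDs are constructed; the event schema is an assumption, not a real API.
from dataclasses import dataclass

BAIT_PATH = "/srv/share/finance/.q3_ledger.xlsx"  # constructed bait file
BAIT_PID = 4100  # constructed PID of the bait process holding the lock

@dataclass(frozen=True)
class Event:
    pid: int      # process that performed the action
    action: str   # "open", "unlock" or "kill"
    target: str   # file path, or the target PID as a string for "kill"

def is_access_attempt(ev: Event) -> bool:
    """True if another process touches the bait file or the bait process."""
    if ev.pid == BAIT_PID:
        return False  # the bait process legitimately owns the file
    if ev.action == "kill":
        return ev.target == str(BAIT_PID)
    return ev.target == BAIT_PATH

def is_malware(ev: Event) -> bool:
    """Determination step: the attempt tries to remove the lock on the
    bait file or to kill the bait process."""
    return is_access_attempt(ev) and ev.action in ("unlock", "kill")

def monitor(events):
    """Return (alerts, protected): every access attempt seen, and the PIDs
    on which a protection operation would be performed."""
    alerts, protected = [], []
    for ev in events:
        if not is_access_attempt(ev):
            continue
        alerts.append(ev)
        if is_malware(ev) and ev.pid not in protected:
            protected.append(ev.pid)  # stand-in for suspend or quarantine
    return alerts, protected

# Constructed sample events
SAMPLE = [
    Event(4100, "open", BAIT_PATH),                       # bait process itself
    Event(2210, "open", "/srv/share/finance/report.docx"),  # unrelated file
    Event(3307, "open", BAIT_PATH),    # blocked by the lock: alert only
    Event(5150, "open", BAIT_PATH),
    Event(5150, "unlock", BAIT_PATH),  # tries to remove the lock
    Event(5150, "kill", "4100"),       # tries to kill the bait process
    Event(6001, "kill", "999"),        # unrelated kill
]

if __name__ == "__main__":
    print(monitor(SAMPLE))
```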