US 12,468,805 B2
Detecting ransomware
Kunal Mehta, Hillsboro, OR (US); Sherin Mary Mathews, Santa Clara, CA (US); Carl D. Woodward, Santa Clara, CA (US); Celeste R. Fralick, Lubbock, TX (US); and Jonathan B. King, Hillsboro, OR (US)
Assigned to McAfee, LLC, San Jose, CA (US)
Filed by McAfee, LLC, San Jose, CA (US)
Filed on Mar. 26, 2024, as Appl. No. 18/617,424.
Application 18/617,424 is a continuation of application No. 17/867,259, filed on Jul. 18, 2022, granted, now 11,977,630.
Application 17/867,259 is a continuation of application No. 17/063,024, filed on Oct. 5, 2020, granted, now 11,392,695, issued on Jul. 19, 2022.
Application 17/063,024 is a continuation of application No. 16/142,316, filed on Sep. 26, 2018, granted, now 10,795,994, issued on Oct. 6, 2020.
Prior Publication US 2024/0346139 A1, Oct. 17, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/56 (2013.01); G06N 3/08 (2023.01)
CPC G06F 21/56 (2013.01) [G06N 3/08 (2013.01); G06F 2221/034 (2013.01)] 20 Claims
OG exemplary drawing
 
1. An apparatus, comprising:
a memory that stores an instruction; and
a processor configured to execute the instruction to
determine a file type of a file,
identify an access operation on the file,
perform a statistical analysis of the file to determine a difference between an expected byte distribution value of the file type and a computed byte distribution value of the file, and
performing a remediation at least in part based on the access operation.