Research Output
Detection of Ransomware
  The present invention relates to a computer program product, a computing device and a method of detecting a file encrypted by ransomware. The method identifies a file write operation for a file on the computing device and determines whether a predetermined number of bytes of the file is stored in a memory buffer on the computing device. An entropy value of the predetermined number of bytes in the memory buffer is determined and compared to a first predetermined threshold; if the determined entropy value exceeds the first predetermined threshold, the file associated with the file write operation is flagged as being potentially encrypted by ransomware.
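An added sketch of the check the abstract describes, not code from the patent or its authors. It assumes Shannon entropy in bits per byte, a 4096-byte header and a threshold of 7.5, none of which the page specifies; the function names and sample buffers are constructed for illustration.

```python
import hashlib
import math
from collections import Counter

HEADER_BYTES = 4096       # assumption: the "predetermined number of bytes"
ENTROPY_THRESHOLD = 7.5   # assumption: "first predetermined threshold", bits/byte (max 8.0)

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def check_write(path: str, buffer: bytes, n: int = HEADER_BYTES,
                threshold: float = ENTROPY_THRESHOLD) -> dict:
    """Evaluate one observed file write against the entropy threshold.

    'pending' means the buffer does not yet hold n bytes, so no decision
    is made; the caller re-checks once more of the file has been buffered.
    """
    if len(buffer) < n:
        return {"path": path, "verdict": "pending", "entropy": None}
    h = shannon_entropy(buffer[:n])
    verdict = "flagged" if h > threshold else "clear"
    return {"path": path, "verdict": verdict, "entropy": round(h, 3)}

# Constructed sample buffers (hypothetical paths, not real captures).
# A repeated log line stands in for an ordinary plaintext write.
TEXT = b"2024-05-09 12:00:01 INFO backup job finished ok\n" * 100
# A deterministic SHA-256 counter stream stands in for ciphertext-like output.
CIPHER_LIKE = b"".join(
    hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128)
)

if __name__ == "__main__":
    for path, buf in [("/tmp/app.log", TEXT),
                      ("/tmp/report.docx.locked", CIPHER_LIKE),
                      ("/tmp/partial.bin", CIPHER_LIKE[:512])]:
        print(check_write(path, buf))
```

A flag here means only "potentially encrypted", as the abstract words it: compressed archives and media also produce near-maximal byte entropy, so the result is a triage signal rather than a verdict.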

  • Date: 09 May 2024
  • Publication Status: Published
  • Funders: Edinburgh Napier Funded

Citation

Buchanan, B., McLaren, P., Russell, G., & Tan, Z. (2024). Detection of Ransomware. US20240152616A1

Keywords

ransomware, encryption, detection
