首页>
外国专利>
Using recognized backup images for recovery after a ransomware attack
Using recognized backup images for recovery after a ransomware attack
展开▼
机译:在勒索软件攻击后使用公认的备份映像进行恢复
展开▼
页面导航
摘要
著录项
相似文献
摘要
The content of each specific image file in a user's backup set (or other type of file set on an endpoint) is analyzed, for example during a backup of the endpoint. Each analyzed image file is categorized based on the results of analyzing its content. The analysis can be in the form identifying one or more objects graphically represented in given image files, and the categorization of image files can be based on these identified graphically represented object(s). Subsequently (for example during a subsequent backup of the endpoint), modifications made to specific ones of the image files in the file set are detected. In response to a quantification of the detected modifications exceeding a specific threshold level, it is adjudicated that a file corruption event has occurred on the endpoint, such as a cryptographic ransomware attack. In response to the adjudication, one or more security actions are taken.
展开▼