SYSTEM AND METHOD TO PREVENT, DETECT, THWART, AND RECOVER AUTOMATICALLY FROM RANSOMWARE CYBER ATTACKS, USING BEHAVIORAL ANALYSIS AND MACHINE LEARNING

Abstract

An anti-ransomware system for a computer system has a deception component comprising a decoy module configured to place decoy segments within one or more file systems, a detection component comprising a behavioral analysis module configured to analyze the behavior of a suspected ransomware, and a response component. The response component has a suspend/kill module configured to suspend the suspected ransomware, a restore files module configured to restore files from an on-demand backup system, a capture encryption key module configured to retrieve the encryption used by the suspected ransomware, and a quarantine module configured to quarantine the suspected ransomware on the device and to quarantine the device off the network, to prevent spread of infection. In an embodiment, the detection and/or response components operate within a kernel-level access. The system's detection component may further comprise a machine-learning module, and the decoy segments may be on-demand and dynamic.