SYSTEM AND METHOD FOR DETECTING AND MITIGATING RANSOMWARE THREATS

摘要

This disclosure relates generally to malware detection, and more particularly to system and method for detecting and mitigating ransomware threats. For a User Equipment being monitored, the system performs a behavior analysis of corresponding file system to determine whether any anomalous behavior that would amount to a ransomware threat is associated with flies associated with the file system change, if present, then the system virtualizes the file system on the fly. If information pertaining to the identified anomalous behavior is present in any of the reference databases in the system, then all the I/O calls are terminated or the file system is virtualized for rest of the session. If data pertaining to the identified anomalous behavior is not found in any of the associated databases, then new behavioral features and structural patterns of the identified anomalous behavior and the associated processes are extracted, and the reference databases are updated accordingly.