Abstract: Method and device for detecting encryption, in particular for anti-ransomeware software. The invention relates to a device for detecting encryption, comprising a computer (1) with a central processing unit (4) and a memory, which comprises a random-access memory (9) and a mass memory unit (6) comprising files. The central processing unit (4) cooperates with the random-access memory (9) and with an operating system (10) which comprises a core (12) and which is capable of having processes (18) carried out by the central processing unit (4); said processes (18) are divided into wires (20) and may comprise functions for accessing the files. A statistical model for ordinary writing to the header of a file is stored in the memory (6, 9).
Type:
Grant
Filed:
January 16, 2019
Date of Patent:
May 24, 2022
Assignees:
INRIA INSTITUT NATIONAL DE RECHERCHE EN INFORMATIQ, ÉTAT FRANÇAIS, REPRÉSENTÉ PAR LE DÉLÉGUÉ GÉNÉRAL P
Inventors:
Aurélien Palisse, Jean-Louis Lanet, Colas Le Guernic, David Lubicz