Abstract: The present disclosure relates to securing networks against attacks launched via connection of peripheral devices to networked devices.

Abstract: A method of managing a network of connected network devices can include detecting that a device descriptor file for a first network device has been updated and stored to a data store managed by a peer-to-peer network of computing systems; analyzing the updated device descriptor file stored to the data store; analyzing historical information stored in the data store regarding other device descriptor file updates related to the first network device or related to other network devices; performing predictive analytics processing on the results of the analyzing and generating a result; and storing the result of the performing predictive analytics processing to the data store.

Abstract: A computer implemented method for decrypting an encrypted data store at a target computer system, the data store being encrypted by a ransomware algorithm using a searchable encryption algorithm, the method including determining an encryption algorithm used by the ransomware algorithm; determining seed parameters used by the encryption algorithm to generate an encryption key; generating the encryption key using the seed parameters; and decrypting the encrypted data store.

Abstract: A computer implemented method of identifying an encryption algorithm used by a ransomware algorithm, the ransomware algorithm encrypting a data store of a target computer system using a searchable encryption algorithm, the method including intercepting an ordered plurality of messages communicated from the target computer system to a ransomware server computer system, each message including a payload storing an encrypted unit of data from the target computer system; inspecting a final byte in the encrypted unit of data in each message to identify a byte value used by an encryption algorithm of the ransomware as a padding byte to pad messages to the size of an integral multiple of units of encryption for the encryption algorithm; training an autoencoder based on a position of a message in the ordered plurality of messages and the padding byte to provide a trained autoencoder adapted to differentiate the encryption algorithm used by the ransomware from other different encryption algorithms.

Abstract: The present disclosure relates to securing networks against attacks launched via connection of peripheral devices to networked devices.

Abstract: A computer implemented method for decrypting an encrypted data store at a target computer system, the data store being encrypted by a ransomware algorithm using a searchable encryption algorithm, the method including determining an encryption algorithm used by the ransomware algorithm; determining seed parameters used by the encryption algorithm to generate an encryption key; generating the encryption key using the seed parameters; and decrypting the encrypted data store.

Abstract: A computer implemented method of identifying a ransomware algorithm, the ransomware algorithm having associated a predetermined responsive action for mitigating the effect of the ransomware algorithm in use, the method including exposing a target computer system to the ransomware algorithm, the target computer system containing a predetermined set of sample data stored therein that is encrypted by the ransomware algorithm using a searchable encryption algorithm; intercepting an index of the searchable encryption algorithm; training an autoencoder based on the index to provide a trained autoencoder adapted to identify the ransomware algorithm based on the index.

Abstract: A computer implemented method of identifying an encryption algorithm used by a ransomware algorithm, the ransomware algorithm encrypting a data store of a target computer system using a searchable encryption algorithm, the method including intercepting an ordered plurality of messages communicated from the target computer system to a ransomware server computer system, each message including a payload storing an encrypted unit of data from the target computer system; inspecting a final byte in the encrypted unit of data in each message to identify a byte value used by an encryption algorithm of the ransomware as a padding byte to pad messages to the size of an integral multiple of units of encryption for the encryption algorithm; training an autoencoder based on a position of a message in the ordered plurality of messages and the padding byte to provide a trained autoencoder adapted to differentiate the encryption algorithm used by the ransomware from other different encryption algorithms.

Abstract: A computer system having a system memory and being arranged to permit a target program (90) installed on the system to be modified in a trusted manner. The system comprises a White-list Management Agent, WMA, module (10) for receiving, at a notification receiver (12), a notification that the target program (90) which is loaded into the system memory of the computer system has performed an update operation on the target program resulting in the generation and storage of a modified version of the target program on a storage device associated with the computer system. The WMA module is operable, upon receipt of a target program update notification, to determine if the program (90) as loaded into the system memory is in a trusted state by measuring the program (90) using a program measurer module (14) and comparing this, using a comparator (16), with a pre-stored value contained in a program whitelist (30), the pre-stored value being obtained from the program whitelist (30) using a whitelist reader/writer (18).

Abstract: A computer system having a system memory and being arranged to permit a target program (90) installed on the system to be modified in a trusted manner. The system comprises a White-list Management Agent, WMA, module (10) for receiving, at a notification receiver (12), a notification that the target program (90) which is loaded into the system memory of the computer system has performed an update operation on the target program resulting in the generation and storage of a modified version of the target program on a storage device associated with the computer system. The WMA module is operable, upon receipt of a target program update notification, to determine if the program (90) as loaded into the system memory is in a trusted state by measuring the program (90) using a program measurer module (14) and comparing this, using a comparator (16), with a pre-stored value contained in a program whitelist (30), the pre-stored value being obtained from the program whitelist (30) using a whitelist reader/writer (18).