Patents by Inventor Nikolay Grebennikov

Nikolay Grebennikov has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11436328
    Abstract: Methods and systems for safeguarding against malware such as ransomware are described. In part, the disclosure relates to systems and methods for restoring user data and other data encrypted by malware or otherwise rendered inaccessible thereby. In one embodiment, the disclosure relates to a method of safeguarding user data. The method includes monitoring a plurality of processes executing on a computing device; detecting when a first process of the plurality of processes attempts to modify one or more parameters of a user data file; determining if first process is a trusted process or an untrusted process using one or more heuristics; and if the first process is determined to be an untrusted process, create a backup version of the user data file, wherein the backup version of the user data file is created with regard to an unchanged version the user data file.
    Type: Grant
    Filed: February 23, 2018
    Date of Patent: September 6, 2022
    Inventors: Vladimir Strogov, Nikolay Grebennikov, Serguei Beloussov, Mark Shmulevich, Stanislav Protasov, Eugene Aseev
  • Patent number: 11438349
    Abstract: Disclosed herein are systems and method for protecting an endpoint device from malware. In one aspect, an exemplary method comprises performing, by a light analysis tool of the endpoint, a light static analysis of a sample, terminating the process and notifying the user when the process is malware, performing light dynamic analysis when the process is not malware based on the light static analysis, when the process is clean based on the light dynamic analysis, enabling the process to execute, when the process is malware, terminating the process and notifying the user, and when the process is suspicious pattern, suspending the process, setting a level of trust, sending the sample to a sandbox, terminating the process and notifying the user when the process is a malware based on received final verdict, enabling the process to resume executing when the process is determined as being clean based on the final verdict.
    Type: Grant
    Filed: September 24, 2020
    Date of Patent: September 6, 2022
    Assignee: Acronis International GmbH
    Inventors: Alexey Kostyushko, Vladimir Strogov, Serguei Beloussov, Stanislav Protasov, Anastasia Pereberina, Nikolay Grebennikov
  • Patent number: 11416612
    Abstract: Disclosed are systems and methods for detecting malicious applications. The described techniques detect a first process has been launched on a computing device, and monitor at least one thread associated with the first process using one or more control points of the first process. An execution stack associated with the one or more control points of the first process is received from the first process. In response to detecting activity on the one or more control points of the first process, an indication that the execution of the first process is malicious is generated by applying a machine learning classifier to the received execution stack associated with the one or more control points of the first process.
    Type: Grant
    Filed: March 15, 2019
    Date of Patent: August 16, 2022
    Assignee: Acronis International GmbH
    Inventors: Vladimir Strogov, Serguei Beloussov, Alexey Dod, Valery Chernyakovsky, Anatoly Stupak, Sergey Ulasen, Nikolay Grebennikov, Vyacheslav Levchenko, Stanislav Protasov
  • Publication number: 20220210169
    Abstract: Disclosed herein are systems and method for optimizing artificial intelligence (A.I)-based malware analysis on offline endpoints in a network. In one aspect, a method includes identifying a file that has not been executed on an endpoint system and scanning the endpoint system to detect malicious behavior using a machine learning algorithm. In response to determining that the endpoint system does not exhibit malicious behavior based on the machine learning algorithm, the method includes enabling execution of the file. Subsequent to the execution of the file, the method includes rescanning the endpoint system to detect malicious behavior using the machine learning algorithm. In response to determining that the endpoint system does exhibit malicious behavior subsequent to the execution, the method includes extracting attributes of the file and retraining the machine learning algorithm using the extracted attributes to detect malicious behavior associated with the file without having to execute the file.
    Type: Application
    Filed: December 1, 2021
    Publication date: June 30, 2022
    Inventors: Nikolay Grebennikov, Candid Wüest, Serguei Beloussov, Stanislav Protasov
  • Publication number: 20220207160
    Abstract: Disclosed herein are systems and method for adjusting data protection levels based on system metadata. A method may include monitoring a computing device for a cyberattack, wherein a kernel driver of the computing device is configured to allow access to kernel control paths and hash tables in accordance with a first protection level, and detecting that the cyberattack is in progress. While the cyberattack is in progress, the method may include identifying kernel control paths and hashes of software objects that will be affected by the cyberattack, and configuring the kernel driver to disable access to the identified kernel control paths and hashes of the software objects in accordance with a second protection level, wherein the second protection level includes greater access restrictions to the computing device than the first protection level.
    Type: Application
    Filed: December 19, 2021
    Publication date: June 30, 2022
    Inventors: Nikolay Grebennikov, Candid Wüest, Serguei Beloussov, Stanislav Protasov
  • Publication number: 20220207136
    Abstract: Disclosed herein are systems and method for detecting usage anomalies based on environmental sensor data. A method may include: receiving a physical user input at a computing device located in an environment; determining whether the physical user input was received from an authorized user of the computing device by: retrieving environmental sensor data from at least one sensor located in the environment; identifying a window of time during which the physical user input was received; and verifying a presence of the authorized user at the environment during the window of time based on the environmental sensor data; and in response to determining that the authorized user was not present in the environment during the window of time, detecting a usage anomaly and not executing the physical user input.
    Type: Application
    Filed: December 1, 2021
    Publication date: June 30, 2022
    Inventors: Nikolay Grebennikov, Candid Wüest, Serguei Beloussov, Stanislav Protasov
  • Publication number: 20220201012
    Abstract: Disclosed herein are systems and method for performing failover during a cyberattack. In one exemplary aspect, a method comprises monitoring a computing device for the cyberattack and detecting that the cyberattack is in progress. While the cyberattack is in progress, the method comprises identifying a failover device that corresponds to the computing device, hardening the failover device to prevent the cyberattack from affecting the failover device, and performing failover by switching from the computing device to the failover device.
    Type: Application
    Filed: November 8, 2021
    Publication date: June 23, 2022
    Inventors: Nikolay Grebennikov, Candid Wüest, Serguei Beloussov, Stanislav Protasov
  • Publication number: 20220197731
    Abstract: Aspects of the disclosure describe methods and systems for cross-referencing forensic snapshots over time. In one exemplary aspect, a method may comprise receiving a first snapshot of a computing device at a first time and a second snapshot of the computing device at a second time and applying a pre-defined filter to the first snapshot and the second snapshot, wherein the pre-defined filter includes a list of files that are to be extracted from each snapshot. The method may comprise subsequent to applying the pre-defined filter, identifying differences in the list of files extracted from the first snapshot and the second snapshot. The method may comprise creating a change map for the computing device that comprises the differences in the list of files over a period of time, wherein the period of time comprises the first time and the second time, and outputting the change map in a user interface.
    Type: Application
    Filed: August 9, 2021
    Publication date: June 23, 2022
    Inventors: Nikolay Grebennikov, Candid Wüest, Serguei Beloussov, Stanislav Protasov
  • Patent number: 11327848
    Abstract: Disclosed herein are systems and methods for data remediation without data loss. In one exemplary aspect, the method comprises performing, at a first time, a first backup of a plurality of files on a file system of a computer system; tracking changes to any of the plurality of files on the file system after the first time; performing, at a second time, a second backup of the plurality of files on the file system; detecting, based on a scan of the second backup, an infection of the computer system caused by a malicious application; identifying, by the processor, a most recent backup of the file system that does not comprise the infection; in response to determining that the first backup is the most recent backup: restoring the first backup to the file system, and restoring a subset of files on the file system for which authorized changes.
    Type: Grant
    Filed: December 18, 2019
    Date of Patent: May 10, 2022
    Assignee: Acronis International GmbH
    Inventors: Oleg Ishanov, Vladimir Strogov, Igor Kornachev, Andrey Kulaga, Nikolay Grebennikov, Serguei Beloussov, Stanislav Protasov
  • Publication number: 20210397726
    Abstract: Disclosed herein are systems and methods for classifying organizational structure for implementing data protection policies. In one exemplary aspect, a method may comprise retrieving a plurality of data files of an organization, wherein the plurality of data files are stored in a data storage; retrieving structural information of the organization, the structural information comprising details of user accounts, organizational roles, and file metadata within the organization; classifying the structural information into an organization type of a plurality of organization types; classifying each respective data file of the plurality of data files into a respective topic of a plurality of topics, wherein the plurality of topics are associated with the organization type; generating a data protection policy for the organization based on each respective topic of the plurality of data files and the organization type; and executing the data protection policy on the data storage.
    Type: Application
    Filed: March 15, 2021
    Publication date: December 23, 2021
    Inventors: Andrey Kulaga, Stanislav Protasov, Serguei Beloussov, Nikolay Grebennikov
  • Publication number: 20210382705
    Abstract: Disclosed herein are systems and method for seamlessly migrating from an existing software to a new software. In one exemplary aspect, a method may comprise retrieving usage activity information of the existing software from the at least one computing device and identifying settings from the existing software to migrate. The method may further comprise converting, based on an internal database with metadata information about the new software, the settings in the existing software to corresponding settings in the new software, and determining, based on the usage activity information, a migration plan indicative of a sequence of tasks for installing the new software and removing the existing software such that a quality of service associated with accessing the plurality of features on the at least one computing device does not decrease to less than a threshold quality of service. The method may further comprise executing the migration plan.
    Type: Application
    Filed: May 18, 2021
    Publication date: December 9, 2021
    Inventors: Andrey Kulaga, Serguei Beloussov, Stanislav Protasov, Nikolay Grebennikov
  • Patent number: 11070570
    Abstract: Disclosed herein are systems and method for correlating malware detections by endpoint devices and servers. In one aspect, an exemplary method comprises receiving, by a correlator, from one or more servers, one or more events collected without invasive techniques, one or more events collected using one or more invasive techniques, and one or more final verdicts, correlating the one or more events collected without invasive techniques with one or more events collected using the one or more invasive techniques, creating a suspicious pattern when an event of the one or more events collected without invasive techniques is correlated with an event of the one or more events collected using the one or more invasive techniques, and the event of the one or more events collected using one or more invasive techniques is used to detect a malware, and updating databases of one or more endpoint devices with created suspicious patterns.
    Type: Grant
    Filed: March 1, 2019
    Date of Patent: July 20, 2021
    Assignee: ACRONIS INTERNATIONAL GMBH
    Inventors: Alexey Kostyushko, Vladimir Strogov, Serguei Beloussov, Stanislav Protasov, Anastasia Pereberina, Nikolay Grebennikov
  • Patent number: 11012449
    Abstract: Disclosed herein are systems and method for detecting malwares by a server of a sandbox. In one aspect, an exemplary method comprises receiving, by a deep dynamic analysis tool of the server, a sample of a process from an endpoint device with a request for a final verdict indicative of whether the process is a malware or clean based on a deep dynamic analysis, collecting events for the sample, the collected events including events collected using at least one invasive technique, analyzing the collected events using one or more detection models of the deep dynamic analysis tool to detect malwares and issue the final verdict, and sending final verdict to the endpoint device from which the sample is received.
    Type: Grant
    Filed: March 1, 2019
    Date of Patent: May 18, 2021
    Assignee: Acronis International GmbH
    Inventors: Alexey Kostyushko, Vladimir Strogov, Serguei Beloussov, Stanislav Protasov, Anastasia Pereberina, Nikolay Grebennikov
  • Publication number: 20210014243
    Abstract: Disclosed herein are systems and method for anti-virus scanning of backup data at a centralized storage. In an exemplary aspect, a method may receive, at the centralized storage, a backup slice from each respective computing device in a plurality of computing devices, wherein the centralized storage comprises, for each respective computing device, a respective backup archive including a plurality of backup slices. The method may mount the received backup slice as a virtual disk. The method may detect, for the respective computing device, a change between the mounted virtual disk and any number of previous backup slices and may evaluate the change against behavioral rules to identify malicious behavior. In response to determining that the change exhibits malicious behavior, the method may execute a remediation action to prevent an attack on the plurality of computing devices or the centralized storage.
    Type: Application
    Filed: June 22, 2020
    Publication date: January 14, 2021
    Inventors: Andrey Kulaga, Vladimir Strogov, Sergey Ulasen, Oleg Ishanov, Igor Kornachev, Nikolay Grebennikov, Stanislav Protasov, Serguei Beloussov
  • Publication number: 20210014251
    Abstract: Disclosed herein are systems and method for protecting an endpoint device from malware. In one aspect, an exemplary method comprises performing, by a light analysis tool of the endpoint, a light static analysis of a sample, terminating the process and notifying the user when the process is malware, performing light dynamic analysis when the process is not malware based on the light static analysis, when the process is clean based on the light dynamic analysis, enabling the process to execute, when the process is malware, terminating the process and notifying the user, and when the process is suspicious pattern, suspending the process, setting a level of trust, sending the sample to a sandbox, terminating the process and notifying the user when the process is a malware based on received final verdict, enabling the process to resume executing when the process is determined as being clean based on the final verdict.
    Type: Application
    Filed: September 24, 2020
    Publication date: January 14, 2021
    Inventors: Alexey Kostyushko, Vladimir Strogov, Serguei Beloussov, Stanislav Protasov, Anastasia Pereberina, Nikolay Grebennikov
  • Patent number: 10826919
    Abstract: Disclosed herein are systems and method for protecting an endpoint device from malware. In one aspect, an exemplary method comprises performing, by a light analysis tool of the endpoint, a light static analysis of a sample, terminating the process and notifying the user when the process is malware, performing light dynamic analysis when the process is not malware based on the light static analysis, when the process is clean based on the light dynamic analysis, enabling the process to execute, when the process is malware, terminating the process and notifying the user, and when the process is suspicious pattern, suspending the process, setting a level of trust, sending the sample to a sandbox, terminating the process and notifying the user when the process is a malware based on received final verdict, enabling the process to resume executing when the process is determined as being clean based on the final verdict.
    Type: Grant
    Filed: October 29, 2018
    Date of Patent: November 3, 2020
    Assignee: ACRONIS INTERNATIONAL GMBH
    Inventors: Alexey Kostyushko, Vladimir Strogov, Serguei Beloussov, Stanislav Protasov, Anastasia Pereberina, Nikolay Grebennikov
  • Patent number: 10712951
    Abstract: Disclosed are methods, systems and computer program products for backing up user data from a social network account. An exemplary general method includes the steps of obtaining access to a user account on a social network, by a social network application; determining, by the social network application, one or more restrictions on external requests for data imposed by the social network; generating, by a backup agent in communication with the social network application, an algorithm for requesting data from the user account based upon the one or more restrictions on external requests for data; requesting user data from the user account, by the social network application, using the algorithm; receiving the user data from the user account, by the social network application; transmitting the received user data from the social network application to the backup agent; and archiving the received user data, by the backup agent.
    Type: Grant
    Filed: September 6, 2017
    Date of Patent: July 14, 2020
    Assignee: Acronis International GmbH
    Inventors: Nikolay Denischenko, Nikolay Grebennikov, Mark Shmulevich, Stanislav Protasov, Serguei M. Beloussov
  • Publication number: 20200210568
    Abstract: Described herein are systems and methods for controlling access to a protected resource based on various criteria. In one exemplary aspect, a method comprises designating a plurality of program data installed on a computing system as protected program data; intercepting, by a kernel mode driver, a request from an untrusted application executing on the computing system to alter at least one of the protected program data; classifying, by a self-defense service, the untrusted application as a malicious application based on the intercepted request and information related to the untrusted application; and responsive to classifying the untrusted application as a malicious application, denying, by the kernel mode driver, access to the at least one of the protected program data.
    Type: Application
    Filed: December 24, 2019
    Publication date: July 2, 2020
    Inventors: Vladimir Strogov, Alexey Dod, Vyacheslav Levchenko, Nikolay Grebennikov, Stanislav Protasov, Serguei Beloussov
  • Publication number: 20200210580
    Abstract: Disclosed are systems and methods for detecting multiple malicious processes. The described techniques identify a first process and a second process launched on a computing device. The techniques receive from the first process a first execution stack indicating at least one first control point used to monitor at least one thread associated with the first process, and receive from the second process a second execution stack indicating at least one second control point used to monitor at least one thread associated with the second process. The techniques determine that both the first process and the second process are malicious using a machine learning classifier on the at least one first control point and the at least one second control point. In response, the techniques generate an indication that an execution of the first process and the second process is malicious.
    Type: Application
    Filed: March 9, 2020
    Publication date: July 2, 2020
    Inventors: Vladimir Strogov, Serguei Beloussov, Alexey Dod, Valery Chernyakovsky, Anatoly Stupak, Sergey Ulasen, Nikolay Grebennikov, Vyacheslav Levchenko, Stanislav Protasov
  • Publication number: 20200192769
    Abstract: Disclosed herein are systems and methods for data remediation without data loss. In one exemplary aspect, the method comprises performing, at a first time, a first backup of a plurality of files on a file system of a computer system; tracking changes to any of the plurality of files on the file system after the first time; performing, at a second time, a second backup of the plurality of files on the file system; detecting, based on a scan of the second backup, an infection of the computer system caused by a malicious application; identifying, by the processor, a most recent backup of the file system that does not comprise the infection; in response to determining that the first backup is the most recent backup: restoring the first backup to the file system, and restoring a subset of files on the file system for which authorized changes.
    Type: Application
    Filed: December 18, 2019
    Publication date: June 18, 2020
    Inventors: Oleg Ishanov, Vladimir Strogov, Igor Kornachev, Andrey Kulaga, Nikolay Grebennikov, Serguei Beloussov, Stanislav Protasov