Online payments giant PayPal has been awarded a patent for a technique that could detect a type of crypto malware and mitigate its effects.
First filed in September 2016 and awarded Tuesday by the U.S. Patent and Trademark Office (USPTO), the patent outlines how taking advantage of existing system data caches can help detect ransomware and prevent it from irretrievably locking up victims’ files.
Ransomware can encrypt the contents of a hard drive or other networked files and make them inaccessible to system users, the patent states, so “a system user who lacks decryption keys will no longer be able to readily access his or her data.”
PayPal is therefore looking to prevent such a situation with a method that involves detecting a first copy of original content that has been loaded into a cache of a computer system, retaining in the cache a second copy of that file, and comparing the two to determine whether the altered content represents an encrypted version of the original content. If the altered content has been encrypted, the method then prevents the original content from being deleted.
The patent explains:
“By detecting that ransomware is operating on a computer (e.g. by correlating between the original data and content in different cache layers), the negative effects of the ransomware may be mitigated or avoided.”
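A minimal sketch of the compare-and-retain idea described above, added here as an illustration and not taken from the patent or from PayPal. The Shannon-entropy test, the thresholds and the names `CacheGuard`, `looks_encrypted` and `constructed_random_bytes` are assumptions, since the article does not say how the patent decides that content is encrypted.

```python
import hashlib
import math
from collections import Counter

# Assumed thresholds for this sketch; none of them come from the patent.
ENTROPY_FLOOR = 7.2   # bits per byte the altered copy must reach
ENTROPY_JUMP = 1.0    # minimum rise over the original's entropy
MAX_MATCH = 0.05      # maximum fraction of byte positions left unchanged


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; close to 8.0 for ciphertext or compressed data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(original: bytes, altered: bytes) -> bool:
    """True if the altered copy is near-random and unlike the original."""
    h_old, h_new = shannon_entropy(original), shannon_entropy(altered)
    same = sum(a == b for a, b in zip(original, altered))
    match = same / max(len(original), len(altered), 1)
    return (h_new >= ENTROPY_FLOOR and h_new - h_old >= ENTROPY_JUMP
            and match <= MAX_MATCH)


class CacheGuard:
    """Toy cache layer: keeps the loaded copy until a rewrite looks benign."""

    def __init__(self):
        self.retained = {}

    def on_load(self, path, content):
        self.retained.setdefault(path, content)

    def on_write(self, path, altered):
        original = self.retained.get(path)
        if original is not None and looks_encrypted(original, altered):
            return "retain-original"   # keep the cached copy for restore
        self.retained[path] = altered  # benign edit: refresh the cached copy
        return "allow"


def constructed_random_bytes(n: int) -> bytes:
    """Constructed stand-in for an encrypted file: SHA-256 counter output."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


# Constructed sample document, not real data.
SAMPLE = b"Invoice 2016-09: customer ledger, quarterly totals and notes.\n" * 64
```

A file that is already compressed or encrypted starts near 8 bits per byte, so the entropy-jump test never fires for it; a real detector would need additional signals for such files.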
One way users, such as consumers and small businesses, can avoid data loss is by backing up data, the document states. Yet, even if a backup system is in place, data can still be lost, as files that have been encrypted by ransomware may be automatically backed up – overwriting the originals.
Detecting ransomware operations at an early stage,