-
Publication No.: US10387648B2
Publication Date: 2019-08-20
Application No.: US15334311
Application Date: 2016-10-26
Applicant: Cisco Technology, Inc.
Inventor: Benyamin Hirschberg, Moshe Kravchik, Arie Haenel, Hillel Solow
IPC: G06F21/56
Abstract: In one embodiment, a system includes a central processing unit (CPU) to identify a ransomware process which encrypted a plurality of files yielding a plurality of encrypted files, in response to identifying the ransomware process, dump a memory space and a state of the CPU yielding a memory dump, and search the memory dump for a plurality of candidate encryption keys, and a decryption engine to attempt to decrypt at least one encrypted file of the plurality of encrypted files with different candidate encryption keys of the plurality of candidate encryption keys until the at least one encrypted file is successfully decrypted with one candidate encryption key of the different candidate encryption keys, and decrypt the plurality of encrypted files using the one candidate encryption key. Related apparatus and methods are also described.
-
Publication No.: US20180357416A1
Publication Date: 2018-12-13
Application No.: US15616984
Application Date: 2017-06-08
Applicant: Cisco Technology, Inc.
Inventor: Oded ASHKENAZI, Moshe Kravchik, Arie Haenel, Benyamin Hirschberg
Abstract: In one embodiment, a method for protecting a file is implemented on a computing device and includes: intercepting a file-access request from an application-process for the file; searching a whitelist for a whitelist entry associated with the application-process and a file-type for the file, where the whitelist entry indicates that the application-process is allowed to access files of the file-type, and upon determining according to the searching that the application-process is allowed to perform the file-access request, allowing the application-process to access the file according to the file-access request.
-
Publication No.: US10547447B2
Publication Date: 2020-01-28
Application No.: US15694883
Application Date: 2017-09-04
Applicant: Cisco Technology, Inc.
Inventor: Benyamin Hirschberg, Yaron Sella, Gilad Taub
Abstract: In one embodiment, a first apparatus includes a processor and an interface, wherein the interface is operative to receive a request from a second apparatus to commence a keyed-hash message authentication code (HMAC) computation, the processor is operative to perform a first computation computing a first part of the HMAC computation using a secret key K as input yielding a first value, the interface is operative to send the first value to the second apparatus, the interface is operative to receive a second value from the second apparatus, the second value resulting from the second apparatus processing the first value with at least part of a message M, the processor is operative to perform a second computation based on the second value and the secret key K yielding an HMAC value, and the interface is operative to send the HMAC value to the second apparatus.
-
Publication No.: US10540509B2
Publication Date: 2020-01-21
Application No.: US15616984
Application Date: 2017-06-08
Applicant: Cisco Technology, Inc.
Inventor: Oded Ashkenazi, Moshe Kravchik, Arie Haenel, Benyamin Hirschberg
Abstract: In one embodiment, a method for protecting a file is implemented on a computing device and includes: intercepting a file-access request from an application-process for the file; searching a whitelist for a whitelist entry associated with the application-process and a file-type for the file, where the whitelist entry indicates that the application-process is allowed to access files of the file-type, and upon determining according to the searching that the application-process is allowed to perform the file-access request, allowing the application-process to access the file according to the file-access request.