US2023132303A1PendingUtilityA1

System for blocking a ransomware attack

Assignee: NAMUSOFT CO LTDPriority: Nov 27, 2019Filed: Dec 22, 2022Published: Apr 27, 2023
Est. expiryNov 27, 2039(~13.4 yrs left)· nominal 20-yr term from priority
Inventors:Jong Hyun Woo
H04L 67/1095H04L 63/1416G06F 11/1446H04L 63/10G06F 2201/825G06F 21/554H04L 63/20H04L 63/14H04L 63/1483G06F 2201/80G06F 21/566H04L 63/08G06F 21/56H04L 63/145
64
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Provided is a system for blocking a phishing attack including a phishing attack prevention storage device, and an agent program which is installed in a user terminal or a service server and performs an interworking operation with the phishing attack prevention storage device when the user terminal or the service server is connected with the phishing attack prevention storage device via a network. According to the embodiment of the present invention, when there is an open request for the file stored in the phishing attack prevention storage device from the user terminal or the service server, the phishing attack prevention storage device may check a storage operation mode and create a fake file other than the open-requested original file when the storage operation mode corresponds to a list-only mode to return the fake file to the user terminal or the service server.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A system for blocking a ransomware attack as a system for a server for blocking a ransomware attack comprising:
 a backup storage device which has a purpose for backing up the stored data in a server as a separate storage device which is physically independent from the server and includes a communication interface to enable a communication access to the server; and a service agent which is installed in the server to mediate the communication with the backup storage device,   wherein while the backup storage device is storage-mounted on the server, after the data backup to the backup storage device for the storage data in the server is performed, when there is the lock command for the backup data backed up in the backup storage device,   the backup storage device locks the corresponding backup data according to the lock command to process the locked backup data to be provided only in an uncorrectable read-only mode.   
     
     
         2 . The system for blocking the ransomware attack of  claim 1 , wherein the data backup to the backup storage device is processed only when the backup command for the storage data in the server is made, and when the service agent transmits the backup command received to the server to the backup storage device and the backup storage device backs up the corresponding storage data according to the received backup command. 
     
     
         3 . The system for blocking the ransomware attack of  claim 1 , wherein when the data correction command received from the server is transmitted from the service agent, the backup storage device confirms whether target data of the data correction command relates to the locked backup data, and when the target data is confirmed as the data correction command for the locked backup data, the backup storage device rejects the corresponding data correction command. 
     
     
         4 . The system for blocking the ransomware attack of  claim 3 , wherein when the target data of the data correction command is the locked backup data, even in the case where the locked backup data is storage-mounted on a different storage device from the server, the backup storage device rejects the data correction command for the corresponding backup data received from the different storage device and processes the corresponding backup data to be provided only in the read-only mode. 
     
     
         5 . The system for blocking the ransomware attack of  claim 1 , wherein the backup storage device includes a hardware switch or a software switch for unlocking the locked state set in the backup data, and
 even in the case where the unlock command for the locked backup data is transmitted through the service agent, when switching to the unlocked state is not performed through an operating switching of the hardware switch or the software switch, the unlock command is rejected.   
     
     
         6 . The system for blocking the ransomware attack of  claim 5 , wherein when the switching to the unlocked state is performed by the hardware switch or the software switch, the backup storage device releases the read-only mode for the backup data according to the locked state to switch the corresponding backup data into a data correctable state. 
     
     
         7 . The system for blocking the ransomware attack of  claim 6 , wherein the switching to the unlocked state is able to select any one of a batch unlock mode performed for the entire backup data in the backup storage device and a selective unlock mode performed only for the requested backup data.

Join the waitlist — get patent alerts

Track US2023132303A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.