Detection of Ransomware

Buchanan, Bill; McLaren, Peter; Russell, Gordon; Tan, Zhiyuan



The present invention relates to a computer program product, a computing device and a method of detecting a file encrypted by ransomware by identifying a file write operation for a file on the computing device and determining if a predetermined number of bytes of the file is stored in a memory buffer on the computing device. An entropy value of the predetermined number of bytes in the memory buffer is determined and compared to a first predetermined threshold, wherein if the determined entropy value exceeds the first predetermined threshold the file associated with the file write operation is flagged as being potentially encrypted by ransomware.
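The check described in the abstract, sketched as an added example (this is not code from the patent or its authors). The 128-byte header size, the 6.0 bits-per-byte threshold, the function names and the sample buffers are all assumptions, since the abstract only calls the values "predetermined".

```python
import hashlib
import math
from collections import Counter

# Assumed values: the abstract only says "predetermined".
HEADER_BYTES = 128        # bytes of the write buffer to inspect
ENTROPY_THRESHOLD = 6.0   # bits per byte; the ceiling for 128 bytes is 7.0

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of data in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())

def check_write(buffer: bytes, n: int = HEADER_BYTES,
                threshold: float = ENTROPY_THRESHOLD):
    """Classify one file write buffer.

    Returns (verdict, entropy):
      "pending" - fewer than n bytes buffered so far, no decision yet
      "flagged" - entropy of the first n bytes exceeds the threshold
      "ok"      - entropy is at or below the threshold
    """
    if len(buffer) < n:
        return "pending", None
    h = shannon_entropy(buffer[:n])
    return ("flagged" if h > threshold else "ok"), h

# Constructed sample buffers (not real files).
PLAINTEXT = b"Invoice 2024-05: payment due within 30 days of receipt. " * 3
# Stand-in for ciphertext: four SHA-256 digests give 128 uniform-looking bytes.
RANDOM_LIKE = b"".join(hashlib.sha256(b"constructed-%d" % i).digest()
                       for i in range(4))
SHORT_WRITE = b"MZ"

if __name__ == "__main__":
    for name, buf in [("plaintext", PLAINTEXT), ("random-like", RANDOM_LIKE),
                      ("short write", SHORT_WRITE)]:
        print(name, check_write(buf))
```

Legitimately compressed data also scores high on this measure, so a flag here is a candidate for further checks, in line with the abstract's "potentially encrypted".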


Buchanan, B., McLaren, P., Russell, G., & Tan, Z. (2024). Detection of Ransomware. US20240152616A1

Online Publication Date: May 9, 2024
Publication Date: May 9, 2024
Deposit Date: May 21, 2024
Keywords: ransomware, encryption, detection