International Business Machines Corporation
Ransomware detection and prevention

Abstract:

Embodiments are described for detecting ransomware attacks. Aspects include receiving a memory access request for a memory location. Aspects also include allowing the memory access request based on a determination that the memory location is not present in a decoy address table. Aspects further include terminating a process that made the memory access request based on a determination that the memory location is present in the decoy address table.