Journey to RansomSOC Patent: From Zero to Hero

VXRL
Apr 12, 2024

Researchers: Darkfloyd, Ozetta, AlanH0, wwwkenwong

In today’s digital landscape, ransomware has emerged as a pervasive and highly disruptive threat to organizations worldwide.

Our team has handled ransomware incidents over the years, and we encountered several scenarios for how the victims were infected by ransomware. We realized a Ransomware Security Operations Center (RansomSOC) could be promising. The goal of RansomSOC is to detect ransomware earlier, reduce the impact of the ransomware infection on the target systems, and extend the survival time of critical data on servers and workstations during a ransomware attack, especially when parts of the victim's networks, servers, and workstations are already compromised.

In 2022, Anthony published a paper called "RansomSOC: A More Effective Security Operations Center to Detect and Respond to Ransomware Attacks", which was accepted in JSIS from South Korea (https://repository.hkust.edu.hk/ir/Record/1783.1-121099). The paper is open access, so you can read it for details.

Invention

We handled several critical ransomware incidents at organizations of various sizes. The idea of RansomSOC can be implemented to deal with this attack. Anthony suddenly raised the idea of whether we could apply for a patent for it. However, we needed to ensure this idea had not been taken or published before. Zetta searched around and found no such patent except one about “File Protector,” which is about backing up the files into other files. Fortunately, with the team’s consent, we looked into how to apply for a patent for this idea.

Seeking a Patent Agency

We had no connections with any agency; Anthony did a Google search and checked the references. We found a law firm experienced in patent applications called ACCOLADE. ACCOLADE allows us to apply for patents in different areas, but we selected a patent application in the United States. They studied our research paper and attempted to outline the entire idea in 18 invention areas. In the process, we had to contribute around 5000–6000 USD for the agency and application fees.

Patent Review Process

It is a challenging process, as the Patent Office reviewers will cite and reference any published patents that may already cover the idea. They carried out three reviews, and in the first two reviews, they believed another patent already covered our solutions. All 18 invention items were rejected. We felt surprised and frustrated at that moment.

After a detailed discussion with the patent agency, they also figured out our solutions and ideas to protect against ransomware attacks. The agency filed the third argument in January 2024, and we received positive feedback that the patent office fully accepted our patent application in April 2024 (as shown below).

Acceptance of our invention by USPTO

The story hasn’t ended yet. We must pay the certificate fee and wait another 3 to 6 months for the patent certificate to be issued. Our patent can be searched on the US Patent Office website.

Multiple Failures

Before the patent application was accepted by the office, Anthony and his co-authors tried to submit the research to Codeblue Tokyo and Blackhat Europe in 2023. Unfortunately, the Call-For-Paper proposals were not accepted. Luckily, the reviewer comment from Blackhat Europe was transparent and optimistic about the idea, which is inspiring, and highlighted the doubts about whether it is a future-proof solution and whether the idea can change the ransomware gangs' behavior.

With the assistance of Dr. Zetta Ke, we attempted to apply for a research fund of around 10,000 USD from Google Research South East Asia for ransomware research and experiments. It looks like the trend should be related to LLM (Large Language Model; don’t mistake it for “Lei Lo Mo,” aka “Your Mother” in Cantonese. LoL). Unfortunately, as expected, our proposal was not accepted, and we found the result online in April 2024. In the meantime, they have had no further contact points, feedback, or communication; maybe they are too busy.

Interesting Money Earning Idea with Patent

Anthony has discussed this with several friends, including Jeff Moss, the founder of the top hacker conferences Blackhat and DEF CON. He said some people may sell their patent(s) to law firms, and those firms can search online and sue any organization that abuses the patent. We realize this is now happening in the real world. However, we may take the harder path instead and optimize the patent for the invention with real work.

Conclusion

It was initially regrettable that the idea could not be published in the top grade-A security conferences and journals, including Usenix and IEEE Security & Privacy.

When thinking back, there is no harm; it is an invaluable experience in which we can turn our beliefs and ideas into inventions. We plan to set up prototypes and working demos as the next step for fund-seeking and startup; it is an excellent “Research and development” journey.

There should have been many failures to disqualify our ideas from the beginning. However, multiple strict reviews by the US Patent Office can prove everything: We said we would succeed if we insisted. No fear.

Meanwhile, I am very thankful for the peer review, trust, and courage of the VXRL core members. We claim ourselves as researchers, or put VXRL (Valkyrie-X Security Research Laboratory), and can justify who we have been since 2009.

Acknowledgement to the following co-authors of the publication:

VXRL Team was founded by a group of enthusiastic security researchers, providing information security services and contributing to the community. https://www.vxrl.hk