Ransomware identification method and device, electronic equipment and storage medium
Main authors: | , , , |
---|---|
Format: | Patent |
Language: | chi ; eng |
Subjects: | |
Summary: | The embodiment of the invention provides a ransomware identification method and device, electronic equipment and a storage medium, which are used for solving the problem that the detection effect on unknown ransomware is not ideal because feature matching detection is generally carried out based on a virus feature library in the prior art. The method comprises the following steps: establishing a ransomware information base; extracting a binary executable file embedded picture of the to-be-tested sample; extracting embedded information of the picture, and screening ransomware keyword information; and performing matching judgment on the ransomware keyword information and the information in the ransomware virus information base by utilizing a weighting algorithm, and outputting a judged detection result. |