Automatic ransomware detection with an on-demand file system lock down and automatic repair function

Assignee

• International Business Machines Corporation · US

Inventors

• Dominic Mueller-Wicke · Weilburg, DE
• Stefan Bender · Engen, DE
• Thomas Schreiber · Klein-Winternheim, DE
• Kai Boerner · Kelsterbach, DE

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2201/835
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A method and system for detecting ransomware and repairing data following an attack. The method includes, collecting file statistics for files in a file system, identifying an affected file based on collected file statistics, locking down of access to the file system in response to identifying the affected file, undoing of reconcile processing, repairing the affected files, and unlocking access to the file system. The system includes a computer node, a file system, a plurality of disc storage components, a backup client, a backup client, and a hierarchical storage client. The hierarchical storage client is configured to collect file statistics for files in file system, identify affected files based on collected file statistics for the file, lock down of access to the file system in response to an identified affected file, undo reconcile processing, repair the affected file; and unlock access to the file system.