Detecting unauthorized encryptions in data storage systems

Assignee

• EMC IP Holding Company LLC · US

Inventors

• Yevgeni Gehtman · Lod, IL
• Tomer Shachar · Beer Sheva, IL
• Maxim Balin · Gan Yavne, IL

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/2107
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

At a first time, a system identifies a set of data files which are stored in a part of a data storage system. At a second time, the system identifies each newly encoded data file based on identifying each data file in the set of data files which is encoded and created and/or updated since the first time. The system identifies each compressed data file based on identifying each newly encoded data file which is reduced in size since the first time. The system determines a file compression success rate based on a total count of each compressed data file relative to a total count of each newly encoded data file. If the system determines that the file compression success rate does not satisfy the file compression success rate threshold, the system outputs an alert about an unauthorized encryption in the data storage system.