Ransomware activity detection and data protection

Assignee

• Dell Products L.P. · US

Inventors

• Mohammed Asher Vt · Kanchinakote, IN
• Ramesh Doddaiah · Hadley, US
• Sandeep Chandrashekhara · Shrewsbury, US
• Malak Alshawabkeh · Franklin, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F21/565
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Ransomware activity detection and data protection is implemented by a remote R2 storage array on an asynchronous remote data replication facility, on which data from a primary R1 storage array is replicated to the remote storage array. Write operations on storage volumes in a remote data replication group are collected in a capture cycle on the primary storage array, along with IO pattern metadata describing both read and write operations on the storage volumes. At the end of the capture cycle, the update and metadata is transmitted to the remote storage array. The remote storage array receives the update and metadata and temporarily stores the update prior to applying it to its copy of the storage volumes. Ransomware anomaly detection is implemented using the update and metadata, and if ransomware activity is detected, the data on the remote R2 storage array is protected, and the update is not applied.