	US 11,930,042 B2
	Cloud-native global file system with rapid ransomware recovery
Andres Rodriguez, Boston, MA (US); David M. Shaw, Newton, MA (US); John A. Capello, Cambridge, MA (US); and Matthew J. Stech, Huntley, IL (US)
Assigned to Nasuni Corporation, Boston, MA (US)
Filed by Nasuni Corporation, Boston, MA (US)
Filed on Apr. 18, 2023, as Appl. No. 18/136,092.
Application 18/136,092 is a continuation of application No. 17/745,581, filed on May 16, 2022, granted, now 11,632,394.
Application 17/745,581 is a continuation of application No. 17/559,561, filed on Dec. 22, 2021, granted, now 11,336,685, issued on May 17, 2022.
Prior Publication US 2023/0262090 A1, Aug. 17, 2023
Int. Cl. H04L 9/40 (2022.01); G06F 11/14 (2006.01)

CPC H04L 63/1466 (2013.01) [G06F 11/1469 (2013.01); H04L 63/1416 (2013.01); G06F 2201/84 (2013.01)]

12 Claims

1. A method of detecting and recovering from a ransomware attack in association with a cloud-based global file system wherein a filer is associated with a volume of a versioned file system in a private, public or hybrid cloud object store, comprising:

responsive to detecting a ransomware attack, restricting access to the volume, wherein the ransomware attack is detected by a filer- or cloud-based detector configured to score a set of markers that, when taken together, provide an indication of the ransomware attack, wherein at least one marker is associated with a given test associated with an occurrence indicative of a ransomware attack;

activating or designating a recovery filer;

initiating a restore operation at the recovery filer;

upon completion of the restore operation, creating a new clean snapshot of the volume using the recovery filer; and

thereafter, re-enabling access to the volume.