CPC H04L 63/1466 (2013.01) [G06F 11/1469 (2013.01); H04L 63/1416 (2013.01); G06F 2201/84 (2013.01)]
12 Claims

1. A method of detecting and recovering from a ransomware attack in association with a cloud-based global file system wherein a filer is associated with a volume of a versioned file system in a private, public or hybrid cloud object store, comprising:
responsive to detecting a ransomware attack, restricting access to the volume, wherein the ransomware attack is detected by a filer- or cloud-based detector configured to score a set of markers that, when taken together, provide an indication of the ransomware attack, wherein at least one marker is associated with a given test associated with an occurrence indicative of a ransomware attack;
activating or designating a recovery filer;
initiating a restore operation at the recovery filer;
upon completion of the restore operation, creating a new clean snapshot of the volume using the recovery filer; and
thereafter, re-enabling access to the volume.