US 11,949,710 B2
System and method for efficient early indication of ransomware attack for damage prevention and control
Girish B. Doshi, Pune (IN)
Assigned to Dell Products L.P., Round Rock, TX (US)
Filed by Dell Products L.P., Round Rock, TX (US)
Filed on Jan. 24, 2022, as Appl. No. 17/582,537.
Prior Publication US 2023/0239321 A1, Jul. 27, 2023
Int. Cl. H04L 29/06 (2006.01); H04L 9/40 (2022.01)
CPC H04L 63/1466 (2013.01) [H04L 63/1425 (2013.01)]
20 Claims
 
1. A method for detecting a ransomware attack, comprising:
enabling changed block tracking of a data storage comprising of a plurality of data blocks;
taking snapshots of the plurality of data blocks at multiple times;
determining a rate of change between at least two snapshots of the plurality of data blocks;
determining a pattern of changes between the at least two snapshots of the plurality of data blocks; and
scanning the plurality of data blocks for ransomware when the determined rate of change between the at least two snapshots of the plurality of data blocks is greater than a threshold and/or the determined pattern of changes between the at least two snapshots of the plurality of data blocks deviates by more than a threshold from a normal pattern of changes of the plurality of data blocks.
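
The decision logic of claim 1, sketched as an added example that is not taken from the patent or from any Dell product. Assumptions: per-block SHA-256 digests stand in for snapshots and changed block tracking, the "pattern" is the share of changed blocks per equal-sized region, deviation is measured as total variation distance, and the thresholds and sample blocks are constructed.

```python
import hashlib

def take_snapshot(blocks):
    # Constructed stand-in for a snapshot: one digest per data block.
    return [hashlib.sha256(b).digest() for b in blocks]

def changed_blocks(prev, curr):
    # Indices a changed-block-tracking layer would report between two snapshots.
    return [i for i, (a, b) in enumerate(zip(prev, curr)) if a != b]

def change_pattern(changed, total_blocks, regions):
    # Share of the changed blocks that falls in each equal-sized region.
    counts = [0] * regions
    for i in changed:
        counts[i * regions // total_blocks] += 1
    return [c / len(changed) for c in counts]

def pattern_deviation(observed, normal):
    # Total variation distance (assumed metric): 0 = identical, 1 = disjoint.
    return 0.5 * sum(abs(o - n) for o, n in zip(observed, normal))

def should_scan(prev, curr, seconds, normal, rate_threshold, pattern_threshold):
    changed = changed_blocks(prev, curr)
    if not changed:
        return False, 0.0, 0.0
    rate = len(changed) / len(curr) / seconds  # fraction of blocks per second
    observed = change_pattern(changed, len(curr), len(normal))
    deviation = pattern_deviation(observed, normal)
    # "and/or" in the claim: either condition alone triggers the scan.
    return rate > rate_threshold or deviation > pattern_threshold, rate, deviation

# Constructed sample data: 100 blocks, 4 regions, writes normally land in region 0.
BASE = [b"block-%d" % i for i in range(100)]
NORMAL_PATTERN = [0.9, 0.1, 0.0, 0.0]
RATE_THRESHOLD, PATTERN_THRESHOLD = 0.002, 0.3

def evaluate(indices, seconds=60):
    # Overwrite the chosen blocks, snapshot before and after, apply the decision.
    touched = set(indices)
    after = [b"x" + b if i in touched else b for i, b in enumerate(BASE)]
    return should_scan(take_snapshot(BASE), take_snapshot(after), seconds,
                       NORMAL_PATTERN, RATE_THRESHOLD, PATTERN_THRESHOLD)

if __name__ == "__main__":
    cases = {"routine": range(5), "bulk rewrite": range(80),
             "slow and wide": [0, 1, 25, 26, 50, 51, 75, 76]}
    for name, idx in cases.items():
        print(name, evaluate(idx))
```

The "slow and wide" case stays under the rate threshold and is flagged only by the pattern check, which is why the claim tests both conditions.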