US 12,235,954 B2
Ransomware detection using multiple security threat detection processes
Andrew Kutner, Quincy, IL (US); Ronald Karr, Palo Alto, CA (US); Andrew Miller, Greenville, SC (US); Patrick D. Lee, Los Altos, CA (US); David Huskisson, Minneapolis, MN (US); Brian Carpenter, Frisco, TX (US); and Cynthia Dote, San Jose, CA (US)
Assigned to Pure Storage, Inc., Santa Clara, CA (US)
Filed by Pure Storage, Inc., Santa Clara, CA (US)
Filed on Feb. 12, 2024, as Appl. No. 18/438,922.
Application 18/438,922 is a continuation of application No. 18/141,545, filed on May 1, 2023, granted, now 11,941,116.
Application 18/141,545 is a continuation of application No. 16/917,030, filed on Jun. 30, 2020, granted, now 11,675,898, issued on Jun. 13, 2023.
Application 16/917,030 is a continuation in part of application No. 16/711,060, filed on Dec. 11, 2019, abandoned.
Claims priority of provisional application 62/985,229, filed on Mar. 4, 2020.
Claims priority of provisional application 62/939,518, filed on Nov. 22, 2019.
Prior Publication US 2024/0184886 A1, Jun. 6, 2024
Int. Cl. G06F 21/55 (2013.01); G06F 3/06 (2006.01)
CPC G06F 21/554 (2013.01) [G06F 3/0619 (2013.01); G06F 3/0647 (2013.01); G06F 3/0673 (2013.01); G06F 2221/034 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A method comprising:
determining, by a data protection system based on a first security threat detection process, that a storage system is possibly being targeted by a security threat;
performing, by the data protection system based on the determining that the storage system is possibly being targeted by the security threat, a first remedial action with respect to the storage system, the first remedial action comprising generating a snapshot of data stored by the storage system to restore the data to an uncorrupted state when confirmed that the data is corrupted;
confirming, by the data protection system based on a second security threat detection process, whether the storage system is possibly being targeted by the security threat;
continuing, by the data protection system when the confirming comprises determining that the storage system is not being targeted by the security threat, to perform the first security threat detection process; and
performing, by the data protection system when the confirming comprises determining that the storage system is being targeted by the security threat, a second remedial action with respect to the storage system, the second remedial action comprising locking down the snapshot that will be used to restore the data to the uncorrupted state.