US 11,941,116 B2
Ransomware-based data protection parameter modification
Andrew Kutner, Quincy, IL (US); Ronald Karr, Palo Alto, CA (US); Andrew Miller, Greenville, SC (US); Patrick D. Lee, Los Altos, CA (US); David Huskisson, Minneapolis, MN (US); Brian Carpenter, Frisco, TX (US); and Cynthia Dote, San Jose, CA (US)
Assigned to Pure Storage, Inc., Santa Clara, CA (US)
Filed by Pure Storage, Inc., Mountain View, CA (US)
Filed on May 1, 2023, as Appl. No. 18/141,545.
Application 18/141,545 is a continuation of application No. 16/917,030, filed on Jun. 30, 2020, granted, now 11,675,898.
Application 16/917,030 is a continuation in part of application No. 16/711,060, filed on Dec. 11, 2019, abandoned.
Claims priority of provisional application 62/985,229, filed on Mar. 4, 2020.
Claims priority of provisional application 62/939,518, filed on Nov. 22, 2019.
Prior Publication US 2023/0409706 A1, Dec. 21, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/55 (2013.01); G06F 3/06 (2006.01)
CPC G06F 21/554 (2013.01) [G06F 3/0619 (2013.01); G06F 3/0647 (2013.01); G06F 3/0673 (2013.01); G06F 2221/034 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A method comprising:
determining, by a data protection system, that a total amount of read traffic and write traffic processed by a storage system during a time period exceeds a threshold, the read traffic representing data read from the storage system during the time period and the write traffic representing data written to the storage system during the time period;
determining, by the data protection system, a first compressibility metric associated with the write traffic, the first compressibility metric indicating an amount of storage space saved if the write traffic is compressed;
determining, by the data protection system, a second compressibility metric associated with the read traffic, the second compressibility metric indicating an amount of storage space saved if the read traffic is compressed;
determining, by the data protection system based on a comparison of the first compressibility metric with the second compressibility metric, that the write traffic is less compressible than the read traffic;
determining, by the data protection system based on the total amount of read traffic and write traffic exceeding the threshold and on the write traffic being less compressible than the read traffic, that the storage system is possibly being targeted by a security threat; and
modifying, by the data protection system in response to the determining that the storage system is possibly being targeted by the security threat, a data protection parameter set for one or more recovery datasets generated by the storage system.