&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=12265621.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 12,265,621 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Ransomware activity detection and data protection</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Mohammed Asher Vt,  Bangalore (IN);  Ramesh Doddaiah,  Westborough, MA (US);  Sandeep Chandrashekhara,  Shrewsbury, MA (US); and  Malak Alshawabkeh,  Franklin, MA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  Dell Products, L.P.,  Hopkinton, MA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Dell Products, L.P.,  Hopkinton, MA (US)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Mar.  20, 2023, as Appl. No. 18/186,279.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2024/0320340 A1, Sep.  26, 2024</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>G06F 21/56</b></i> (2013.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>G06F 21/568</b></i> (2013.01)&#xa0;[<i><b>G06F 21/565</b></i> (2013.01)]</td>
            <td class="table_data" align="right"><b>20 Claims</b></td>
          </tr>
        </table>
        <center><img src="US12265621-20250401-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A method of detecting ransomware activity, comprising: implementing an asynchronous remote data replication facility between a primary storage array and a remote storage array, in which data contained in a first set of storage volumes of a first remote data replication storage group at the primary storage array is copied in an asynchronous manner from the primary storage array to the remote storage array to replicate the data in a second set of storage volumes of a second remote data replication storage group at the remote storage array; receiving host read and write operations on the first set of storage volumes by the primary storage array during a capture cycle; generating a remote data replication update including all of the host write operations on the first set of storage volumes during the capture cycle; generating a host input/output (IO) metadata update describing all of the host write operations and all of the host read operations on the first set of storage volumes during the capture cycle; transmitting the remote data replication update and the host IO metadata update at the end of the capture cycle to the remote storage array; receiving the remote data replication update and the host IO metadata update during a receive cycle at the remote storage array; temporarily storing the remote data replication update without applying any of the host write operations contained in the remote data replication update to the second set of storage volumes; and while temporarily storing the remote data replication update, performing ransomware anomaly detection using the remote data replication update and the host IO metadata update to determine when any of the host write operations are likely associated with ransomware activity; in response to a determination that one or more of the host write operations is likely associated with ransomware activity, protecting the data contained in the second set of storage volumes; and in response to a determination that none of the host write operations are likely associated with ransomware activity, applying the host write operations contained in the remote data replication update to the second set of storage volumes.</div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>