US 12,333,007 B2
Detecting ransomware in monitored data
Sri Karthik Bhagi, Morganville, NJ (US); Pratima Laxman Gadhave, Neptune, NJ (US); Marcelo dos Reis Mansano, Curitiba (BR); Mrityunjay Upadhyay, Hyderabad (IN); Purnachandra Sekhar Bedhapudi, Edison, NJ (US); and Shyam Sundar Ramkumar, East Brunswick, NJ (US)
Assigned to Commvault Systems, Inc., Tinton Falls, NJ (US)
Filed by Commvault Systems, Inc., Tinton Falls, NJ (US)
Filed on Feb. 16, 2024, as Appl. No. 18/443,896.
Application 18/443,896 is a continuation of application No. 17/243,188, filed on Apr. 28, 2021, granted, now 12,026,252.
Claims priority of provisional application 63/160,636, filed on Mar. 12, 2021.
Claims priority of provisional application 63/160,459, filed on Mar. 12, 2021.
Prior Publication US 2024/0256661 A1, Aug. 1, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 21/55 (2013.01); G06F 9/455 (2018.01); G06F 11/14 (2006.01); G06F 21/54 (2013.01); G06F 21/56 (2013.01); G06F 21/62 (2013.01); G06F 21/78 (2013.01); G06N 5/04 (2023.01); G06N 20/00 (2019.01)
CPC G06F 21/554 (2013.01) [G06F 9/45533 (2013.01); G06F 11/1451 (2013.01); G06F 21/54 (2013.01); G06F 21/561 (2013.01); G06F 21/566 (2013.01); G06F 21/567 (2013.01); G06F 21/568 (2013.01); G06F 21/6218 (2013.01); G06F 21/78 (2013.01); G06N 5/04 (2013.01); G06N 20/00 (2019.01); G06F 2201/815 (2013.01); G06F 2221/034 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A system comprising:
one or more hardware processors and computer memory carrying computer programming instructions that configure the system to:
perform a first backup job, which comprises transmitting first data from a client computing device to a secondary storage computing device,
wherein during the first backup job the secondary storage computing device is configured to:
generate a first secondary copy of the first data received from the client computing device, and
track, in an index at the secondary storage computing device, file system information about the first secondary copy;
after the first backup job, perform a second backup job, which comprises transmitting second data from the client computing device to the secondary storage computing device,
wherein during the second backup job the secondary storage computing device is configured to:
generate a second secondary copy of the second data received from the client computing device, and
track, in the index, file system information about the second secondary copy, and
based on the file system information about the first secondary copy stored in the index and further based on the file system information about the second secondary copy also stored in the index, determine differences between the first secondary copy and the second secondary copy, and
provide the differences to an anomaly detection model deployed at the secondary storage computing device, wherein the anomaly detection model was trained before the first backup job, and
determine, by the anomaly detection model, that there is an anomaly in the differences between the first secondary copy and the second secondary copy; and
generate a notification of the anomaly to a user, wherein the notification provides an indication of the second secondary copy.