| CPC G06F 21/561 (2013.01) [G06F 2221/034 (2013.01)] | 19 Claims |

|
1. A non-transitory machine-readable storage medium comprising instructions that upon execution cause a storage system to:
intercept, at the storage system, a write request communicated over a network from a requester in a host system, the write request to write data of a trap volume comprising a honeypot storing dummy data;
compute a value by applying, at the storage system, a hash function on storage location information at which the data of the write request is to be stored, the storage location information specifying a logical address or a physical address of a storage location in the trap volume;
determine, at the storage system, whether the data of the write request targeting the trap volume matches the computed value; and
in response to determining that the data of the write request targeting the trap volume does not match the computed value, indicate that the write request from the requester in the host system has been corrupted by malware that has performed an unauthorized encryption on the data.
|
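The storage-side check in claim 1, sketched as an added example that is not taken from the patent. SHA-256, the 512-byte block size, the function names, and the XOR stand-in for a payload altered in transit are all assumptions.

```python
import hashlib
import struct

BLOCK_SIZE = 512  # assumed block size of the trap volume


def expected_block(lba: int) -> bytes:
    """Value computed from the storage location: SHA-256 of the 64-bit
    logical block address, repeated to fill one block (assumed layout)."""
    digest = hashlib.sha256(struct.pack(">Q", lba)).digest()
    return digest * (BLOCK_SIZE // len(digest))


def handle_trap_write(requester: str, lba: int, data: bytes) -> str:
    """Run on the storage system for every intercepted write to the trap volume.

    The legitimate writer sends dummy data equal to expected_block(lba), so a
    payload that differs indicates it was altered before reaching storage."""
    if len(data) != BLOCK_SIZE or data != expected_block(lba):
        return (f"ALERT requester={requester} lba={lba}: "
                "write data does not match value computed from address")
    return "OK"


# Constructed sample inputs (not real traffic).
CLEAN = expected_block(42)
# Stand-in for a payload modified in the host's write path.
ALTERED = bytes(b ^ 0x5A for b in CLEAN)


def demo() -> list:
    """Three writes: untouched, altered in transit, and valid data at the wrong address."""
    return [
        handle_trap_write("host-a", 42, CLEAN),
        handle_trap_write("host-a", 42, ALTERED),
        handle_trap_write("host-a", 43, CLEAN),
    ]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Because the expected value is derived from the address alone, the storage system needs no stored copy of the dummy data to validate a write, and a replayed block from a different address is also rejected.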