US 12,437,078 B2
Simulating a ransomware attack in a testing environment
Rustem Rafikov, Hopkinton, MA (US); Philippe Armangau, Kalispell, MT (US); Sathya Krishna Murthy, Morrisville, NC (US); Christopher Jones, Plainville, MA (US); and Bruce A. Zimmerman, Concord, MA (US)
Assigned to Dell Products L.P., Round Rock, TX (US)
Filed by Dell Products L.P., Round Rock, TX (US)
Filed on May 1, 2023, as Appl. No. 18/141,616.
Prior Publication US 2024/0370567 A1, Nov. 7, 2024
Int. Cl. G06F 21/57 (2013.01)
CPC G06F 21/577 (2013.01) [G06F 2221/033 (2013.01)]
19 Claims
 
1. A method of simulating a ransomware attack, the method comprising:
obtaining access to a testing environment in which to perform a simulated ransomware attack;
after obtaining access to the testing environment, loading prepared data into the testing environment; and
performing, as the simulated ransomware attack, a set of input/output (IO) operations based on a set of IO traces corresponding to an actual ransomware attack, the set of IO operations accessing the prepared data;
wherein performing the set of IO operations includes:
writing, in place of the prepared data, replacement data representing encrypted user data generated by the actual ransomware attack, the replacement data being based on the set of IO traces; and
wherein the method further comprises:
generating the replacement data based on data characteristics of the encrypted user data, the data characteristics being obtained from an IO trace of the set of IO traces, the IO trace describing a write request which was issued during the actual ransomware attack.
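
The replay step of claim 1, as an added example that is not code from the patent or from Dell: traced IO is applied to an in-memory volume holding prepared data, and each traced write is filled with synthetic replacement data generated from a characteristic stored in the trace. The trace record layout, the use of Shannon entropy as the data characteristic, and all function names are assumptions; the traces are constructed sample input.

```python
import math
import random
from collections import Counter

# Constructed sample traces (not taken from any real attack). The "entropy"
# field (bits per byte) is an assumed data characteristic; the claim does not
# name which characteristics a write trace carries.
TRACES = [
    {"op": "read", "offset": 0, "length": 4096},
    {"op": "write", "offset": 0, "length": 4096, "entropy": 7.9},
    {"op": "read", "offset": 4096, "length": 4096},
    {"op": "write", "offset": 4096, "length": 4096, "entropy": 6.0},
]

def shannon_entropy(data):
    """Empirical Shannon entropy of a byte sequence, in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def prepared_volume(size):
    """Low-entropy prepared data standing in for the test environment's volume."""
    record = b"prepared test record\n"
    return bytearray(record * (size // len(record) + 1))[:size]

def make_replacement(length, entropy, rng):
    """Synthesize bytes near the traced entropy by sampling uniformly from
    an alphabet of about 2**entropy symbols (no encryption is performed)."""
    alphabet = max(1, min(256, round(2 ** entropy)))
    return bytes(rng.randrange(alphabet) for _ in range(length))

def replay(traces, volume, seed=0):
    """Apply the traced IO to an in-memory volume; return the regions written."""
    rng = random.Random(seed)  # seeded so a test run is reproducible
    written = []
    for t in traces:
        off, length = t["offset"], t["length"]
        if off < 0 or length <= 0 or off + length > len(volume):
            raise ValueError(f"trace outside volume: {t}")
        if t["op"] == "read":
            _ = bytes(volume[off:off + length])  # reproduce the read access
        elif t["op"] == "write":
            volume[off:off + length] = make_replacement(length, t["entropy"], rng)
            written.append((off, length))
        else:
            raise ValueError(f"unknown op: {t['op']}")
    return written
```

Running `shannon_entropy` over each region returned by `replay` gives the ground truth against which a detector's verdicts on the test volume can be compared.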