-
Publication No.: US20250061187A1
Publication date: 2025-02-20
Application No.: US18452319
Filing date: 2023-08-18
Applicant: VMware, Inc.
Inventor: Boris WEISSMAN, Kiran KAMATH, Juan Pablo CASARES-CHARLES, Piyush KOTHARI, Michael KOLECHKIN, Deepa SREEKUMAR, Mamta BHAVSAR
Abstract: Aspects of the disclosure provide continual backup verification for ransomware detection and recovery of fileless malicious logic. On an ongoing basis, even prior to detecting an attack within a production environment, each of a plurality of backup virtual machines (VMs) is executed in an isolation environment and subject to behavior monitoring to detect malicious logic (e.g., ransomware). If malicious logic is detected in a backup VM, an alert is generated and/or that backup VM is marked as unavailable for use as a restoration backup, in order to avoid re-infecting the production environment. In some examples, a backup VM with malicious logic is cleaned and returned to the pool of available backups that are suitable for use. Because the production environment is not burdened, in some examples, the probability of detection for finding malicious logic in the isolation environment is set higher than what is used in the production environment.
-
Publication No.: US20240193049A1
Publication date: 2024-06-13
Application No.: US18080460
Filing date: 2022-12-13
Applicant: VMware, Inc.
Inventor: Boris WEISSMAN, Bharath Kumar CHANDRASEKHAR, Kiran KAMATH, Piyush KOTHARI, Juan Pablo CASARES-CHARLES, Mamta BHAVSAR, Ryan Joseph TODD, Michael KOLECHKIN, David Aaron KRIEGER, Deepa SREEKUMAR, Sharath Nagaraj DWARAL, Kamala Narayan Balasubramanian SHARATH, Kedar THIAGARAJAN, Amol Abhay KHARE, Leena Shuklendu SOMAN, Mandar Kashinath NADGOUDA, Robert James SPEAKER
CPC classification number: G06F11/1464, G06F9/45558, G06F2009/45587
Abstract: A method for virtual computing instance remediation is provided. Some embodiments include retrieving a first backup of a virtual machine from storage, the first backup comprising configuration information and data of the virtual machine, the configuration information comprising network connectivity information in a first software defined data center (SDDC) running on a first set of host machines. Some embodiments include configuring a second SDDC running on a second set of host machines based on the configuration information, where the second SDDC is network isolated from the first SDDC and powering on the virtual machine from the first backup in the second SDDC. Some embodiments include sending, from the virtual machine to a security platform, behavior information of the virtual machine running in the second SDDC and determining, based on the behavior information, whether the virtual machine running in the second SDDC is infected with malware.
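The two abstracts above describe one workflow from two angles: power each backup VM on in a network-isolated copy of the SDDC, collect its behavior, decide whether it carries malicious logic with a detection threshold more aggressive than production's, and mark infected backups unavailable (or clean and re-verify them) so that a restore never re-infects production. The simulation below is an added example written for this page; it is not VMware's code and uses no VMware API. The behavior event names, scoring weights, the two thresholds (0.8 for production, 0.5 for isolation) and the three sample backups are all constructed assumptions chosen so that one backup falls between the two thresholds, which is exactly the case the first abstract's "higher probability of detection" is meant to catch.

```python
"""Simulated continual backup verification in an isolated SDDC (illustrative only)."""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional

# Assumed behavior weights; a real monitor would fuse many more guest signals.
BEHAVIOR_WEIGHTS = {
    "mass_file_rename": 0.4,
    "high_entropy_writes": 0.4,
    "shadow_copy_delete": 0.5,
    "outbound_beacon": 0.3,
    "normal_io": 0.0,
}
# Production tolerates more uncertainty to avoid false positives on live
# workloads; the isolation environment is unburdened, so it alerts earlier.
PRODUCTION_THRESHOLD = 0.8   # assumed value
ISOLATION_THRESHOLD = 0.5    # assumed value


class State(Enum):
    AVAILABLE = "available"
    UNAVAILABLE = "unavailable"   # infected: must not be chosen as a restore point


@dataclass
class BackupVM:
    vm_id: str
    taken_at: int                 # backup sequence number (newer is larger)
    network: Dict[str, str]       # connectivity info carried in the backup config
    observed: List[str]           # behavior seen when powered on (constructed stand-in for telemetry)
    state: State = State.AVAILABLE


class IsolatedSDDC:
    """Second SDDC configured from the backup, with no path back to production."""

    def __init__(self, production_segments: List[str]):
        self.production_segments = set(production_segments)

    def configure(self, backup: BackupVM) -> Dict[str, str]:
        cfg = dict(backup.network)
        # Keep addressing so the workload boots unchanged, but move it onto an
        # isolated segment and drop the uplink so it cannot reach production.
        cfg["segment"] = "isolated-" + cfg.get("segment", "default")
        cfg["uplink"] = "none"
        if cfg["segment"] in self.production_segments:
            raise RuntimeError("isolated SDDC must not share a production segment")
        return cfg

    def power_on_and_monitor(self, backup: BackupVM) -> List[str]:
        self.configure(backup)
        # A real deployment would stream events from a guest sensor to the
        # security platform; the constructed list stands in for that here.
        return list(backup.observed)


def behavior_score(events: List[str]) -> float:
    return min(1.0, sum(BEHAVIOR_WEIGHTS.get(e, 0.0) for e in events))


def is_malicious(events: List[str], threshold: float) -> bool:
    return behavior_score(events) >= threshold


class BackupPool:
    def __init__(self, backups: List[BackupVM], sddc: IsolatedSDDC):
        self.backups = {f"{b.vm_id}@{b.taken_at}": b for b in backups}
        self.sddc = sddc
        self.alerts: List[str] = []

    def verify_all(self) -> List[str]:
        """Run every backup in isolation on a schedule, before any attack is noticed in production."""
        for key, b in self.backups.items():
            events = self.sddc.power_on_and_monitor(b)
            if is_malicious(events, ISOLATION_THRESHOLD):
                b.state = State.UNAVAILABLE
                self.alerts.append(f"{key}: score={behavior_score(events):.2f}")
            else:
                b.state = State.AVAILABLE
        return list(self.alerts)

    def clean(self, key: str, remove: List[str]) -> bool:
        """Strip identified malicious behavior sources, then re-verify before re-admitting to the pool."""
        b = self.backups[key]
        b.observed = [e for e in b.observed if e not in remove]
        clean = not is_malicious(b.observed, ISOLATION_THRESHOLD)
        b.state = State.AVAILABLE if clean else State.UNAVAILABLE
        return clean

    def restore_point(self, vm_id: str) -> Optional[str]:
        """Newest backup of vm_id that passed isolated verification, or None."""
        ok = [k for k, b in self.backups.items() if b.vm_id == vm_id and b.state is State.AVAILABLE]
        return max(ok, key=lambda k: self.backups[k].taken_at) if ok else None


def build_demo_pool() -> BackupPool:
    net = {"segment": "prod-web", "ip": "10.0.1.5"}   # constructed sample config
    backups = [
        BackupVM("web01", 1, net, ["normal_io"]),
        # Dormant fileless loader: scores 0.7, missed at 0.8 but caught at 0.5.
        BackupVM("web01", 2, net, ["outbound_beacon", "mass_file_rename"]),
        BackupVM("web01", 3, net, ["shadow_copy_delete", "high_entropy_writes"]),
    ]
    return BackupPool(backups, IsolatedSDDC(production_segments=["prod-web"]))


if __name__ == "__main__":
    pool = build_demo_pool()
    print("alerts:", pool.verify_all())
    print("restore from:", pool.restore_point("web01"))
```

Running it flags backups 2 and 3 and selects `web01@1` as the restore point; after `clean("web01@2", [...])` re-verifies clean, the newer `web01@2` becomes eligible again, which is the "cleaned and returned to the pool" path of the first abstract.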
-