Publication number: US20240354411A1
Publication date: 2024-10-24
Application number: US18335130
Filing date: 2023-06-15
Applicant: VMware, Inc.
Inventor: Zhe WANG, Wenguang WANG, Enning XIANG, Jianhan ZHAN, Rajesh JOSEPH, Bing JIAO
CPC classification number: G06F21/566, G06F9/45558, G06F21/554, G06F2009/45587, G06F2221/034
Abstract: Solutions for rapid ransomware detection and recovery include: receiving a first set of in-memory changed data blocks; identifying, within the first set of in-memory changed data blocks, a second set of in-memory changed data blocks addressed for storage within a file index for a virtual machine (VM) disk; determining, relative to a change history of the file index, an anomalous condition; based on at least determining the anomalous condition, identifying a third set of blocks within the file index that are changed between two versions of the VM disk; determining that changes in the third set of blocks indicate ransomware; and based on at least determining that changes in the third set of blocks indicate ransomware, generating an alert. Machine learning (ML) models may perform anomaly/ransomware detection. Remediation activities may include disk restoration storing the VM memory.