WO2022009218A1 - A system and method to protect data integrity from ransomware through dedicated vault and workspace arrangement - Google Patents
- Publication number: WO2022009218A1 (PCT/IN2021/050601)
- Authority: WO (WIPO, PCT)
- Prior art keywords: data, files, bit, ransomware, vault
- Legal status: Ceased (the status listed by Google Patents is an assumption and not a legal conclusion)
Classifications
- G—PHYSICS
  - G06—COMPUTING OR CALCULATING; COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/60—Protecting data
          - G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
        - G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
          - G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
            - G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
Definitions
- Any examples or illustrations given herein are not to be regarded in any way as restrictions on, limits to, or express definitions of any term or terms with which they are utilized. Instead, these examples or illustrations are to be regarded as being described with respect to one particular embodiment and as illustrative only. Those of ordinary skill in the art will appreciate that any term or terms with which these examples or illustrations are utilized will encompass other embodiments which may or may not be given therewith or elsewhere in the specification, and all such embodiments are intended to be included within the scope of that term or terms.
- The hardware is enabled with software that works at the operating system level and controls data acquisition from the end-point user device and the central server database.
- The present invention utilizes hardware including, but not limited to, SATA, Redundant Array of Independent Disks (RAID), a frequency modulator, Goldmont architecture with 14 nm process technology, a Central Processing Unit (C.P.U.), a Fiber or SCSI interface, switches and a TCP/IP connection. These components are arranged in a particular pattern that achieves the intended object in the associated network.
- The vault is a product data management (PDM) facility that improves productivity.
- The vault is bit-locked. The system identifies data that has not been used for a configured number of days and data currently in use by users. When ransomware strikes, the vault data is unaffected because it is bit-locked at the memory level.
- A workspace is a file or directory that allows a user to gather various files and resources and work with them.
- Conventionally, a workspace is a memory storage facility for temporary use. In the present invention the workspace is not bit-locked (bit-unlocked): when ransomware strikes the workspace it will be affected, but it can promptly be replaced by the previous day's unaffected data, so that current data is maintained.
- The memory zone of bit-unlocked files is known as the workspace.
- FIG. 1 is a simplified flow diagram of a system for protecting data from ransomware using the vault and workspace arrangement.
- The system includes the invented hardware, physical storage memory and its firmware.
- The system is hardware enabled with technology that works at the hardware storage memory level and monitors usage patterns of the files on the file system.
- The system has two components: the invented hardware and its firmware, which monitors the usage pattern of files.
- In FIG. 1 the system comprises a data storage hardware device which is connected to the computers used to generate data files. It is connected over a local area network, wide area network or virtual private network. Users use standard file transfer protocols to save files on this device.
- The steps shown in FIG. 1 may be performed by any suitable one or more of the systems described herein. Data is saved in file format by the user on the invented device. Every day a scan process is triggered at an interval of 24 hours. The scanning process scans the entire device memory and records important parameters related to the usage of each file; these parameters precisely identify the last modification date and time of the files. The 24-hour interval can be configured by administrators as required, depending on the load in the system.
- The firmware shown in FIG. 1 is fed with specific logic by the administrator of the device; the logic is defined as a number of days. After the scanning step, which is triggered every day and records the parameters, the reconciliation process runs. If the administrator defines the logic on the basis of 180 days and 7 days, the reconciliation process matches the parameters recorded by the scan process and finds which files are older than 180 days (or whatever number of days is defined as the basis of the logic). In step 2 it compares all file parameters with the preconfigured number of days.
- In step 3 of FIG. 1, after the scan process and the reconciliation process have executed, a third process, known as the bit-locking process, is triggered. At the end of the reconciliation process the resulting data is a list of file names. The firmware of the device locates the memory locations of these files and bit-locks them. As shown in step 3, data files with a positive result are transferred to the bit-locked zone.
- One advantage of the bit-locking process is that, once it is over, these files can no longer be modified by the user, as they are bit-locked at the memory level.
- The memory zone of bit-locked files is named the vault.
- The versioning process depends on another parameter fed to the reconciliation process; in this fourth process it is based on 7 days. The versioning process identifies the names of the files which did not meet the first rule (last modified date older than 180 days).
- These files are copied into a data container with a time and date stamp.
- The container is also bit-locked. After the latest version is bit-locked in the data container, the oldest version, time-stamped as older than 7 days, is bit-unlocked and removed from the system. These 7 days can be any number of days for which this process is configured to run.
- The memory zone of bit-unlocked files is known as the workspace.
- A fast data recovery procedure, easily accomplished through the processes mentioned above, is well suited to situations in which recovery time must be kept to a minimum.
- The FIG. 2 data recovery flow chart comprises a physical storage memory and includes firmware.
- According to step 1 of FIG. 2 the firmware identifies the last version of the bit-unlocked files; in step 2 it restores that last version over the open current data.
- In step 3 the vaulted data is intact and the bit-unlocked data contains the last version of unaffected data.
- A hostile manipulation / encryption attempt will not be able to encrypt bit-locked files, and they will remain intact.
- A hostile manipulation / encryption attempt will be able to encrypt all the files which are not bit-locked.
- The bit-unlocked data is affected but can easily be replaced by the previous day's unaffected data and maintained.
- The device provides the latest version of the files from its version container, which contains all files that were not bit-locked because users were using them.
- Bit-locked data is unharmed. Bit-unlocked data is reverted to the last bit-locked version of the currently bit-unlocked files. This saves the bit-locked data and limits data loss to the number of hours configured in the scanning process. It also facilitates recovery of the last version in minimum time.
- The method associated with the present invention preferably operates in a computer network having computer servers operating on different operating systems and a plurality of computer devices.
- Each computer device is managed by a computer server at the operating system level.
- The computer network includes a plurality of information databases that contain information associated with the users and with the computer devices of the computer network.
- The method generates on each computer server a set of identifying files for each computer device managed by the central computer server or system administrator.
- The present application provides solutions to minimize data loss and the time to recover data after a virus. This device is very effective in protecting file data from hostile manipulation / encryption attempts and in minimizing data recovery time afterwards. While various elements of the present invention have been described in detail, it is apparent that modifications and adaptations of those elements will occur to those skilled in the art. It is expressly understood, however, that such modifications and adaptations are within the spirit and scope of the present invention as set forth in the following claims.
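As an added worked example (not part of the patent or its firmware), the following Python simulation walks through the FIG. 1 daily cycle (scan, reconciliation, bit-locking, versioning) and the FIG. 2 recovery step described above. The Device and FileRecord classes, the file names and contents, and the modelling of bit-locking as a read-only flag are all assumptions made for the illustration; it also shows the limit the description states, namely that an edit made after the last scan is in no snapshot and cannot be recovered.

```python
"""Model of the FIG. 1 cycle (scan, reconciliation, bit-locking, versioning)
and the FIG. 2 recovery step. Constructed simulation, not the patent's
firmware: files are in-memory records and "bit-locking" is a read-only flag.
Thresholds (24 h scan, 180-day vault rule, 7-day version retention) are the
description's values and are configurable; names and contents are made up."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class FileRecord:
    name: str
    content: bytes
    mtime: datetime        # the usage parameter the scan records
    locked: bool = False   # bit-locked: immutable at the storage level


@dataclass
class Device:
    vault_days: int = 180      # first reconciliation rule (step 2)
    version_days: int = 7      # second rule, used by the versioning process
    files: dict = field(default_factory=dict)     # live files: workspace + vault
    versions: dict = field(default_factory=dict)  # name -> [(stamp, snapshot)]

    def write(self, name, content, now):
        """A write arriving over the file protocol. Vaulted files reject it."""
        existing = self.files.get(name)
        if existing is not None and existing.locked:
            raise PermissionError(f"{name} is bit-locked")
        self.files[name] = FileRecord(name, content, now)

    def scan(self):
        """Step 1: record the last-modified time of every file on the device."""
        return {n: f.mtime for n, f in self.files.items()}

    def reconcile(self, params, now):
        """Step 2: split files into those older than vault_days and the rest."""
        cutoff = now - timedelta(days=self.vault_days)
        to_vault = [n for n, m in params.items() if m <= cutoff]
        to_version = [n for n in params if n not in to_vault]
        return to_vault, to_version

    def bit_lock(self, names):
        """Step 3: files with a positive result move to the bit-locked zone."""
        for n in names:
            self.files[n].locked = True

    def version(self, names, now):
        """Step 4: snapshot each workspace file into a locked, time-stamped
        container, then unlock and remove snapshots older than version_days."""
        keep_after = now - timedelta(days=self.version_days)
        for n in names:
            f = self.files[n]
            history = self.versions.setdefault(n, [])
            history.append((now, FileRecord(n, f.content, f.mtime, locked=True)))
            self.versions[n] = [(t, s) for t, s in history if t > keep_after]

    def daily_cycle(self, now):
        """The scheduled run (every 24 h by default, per the description)."""
        to_vault, to_version = self.reconcile(self.scan(), now)
        self.bit_lock(to_vault)
        self.version(to_version, now)
        return to_vault, to_version

    def recover(self):
        """FIG. 2: restore each bit-unlocked file from its latest snapshot."""
        restored = []
        for n, f in list(self.files.items()):
            if f.locked or not self.versions.get(n):
                continue
            _stamp, snap = max(self.versions[n], key=lambda ts: ts[0])
            self.files[n] = FileRecord(n, snap.content, snap.mtime)
            restored.append(n)
        return restored


def hostile_overwrite(dev, now):
    """Stand-in for a ransomware run: tries to replace every file's content.
    Only bit-unlocked files are affected; returns their names."""
    affected = []
    for name in list(dev.files):
        try:
            dev.write(name, b"<overwritten>", now)
            affected.append(name)
        except PermissionError:
            pass
    return affected


def demo():
    """Two daily cycles, an edit inside the scan window, an attack, recovery.
    The edit made after the last cycle is in no snapshot and is lost."""
    t0 = datetime(2021, 1, 1)
    dev = Device()
    dev.write("old_report.docx", b"archive", t0 - timedelta(days=200))
    dev.write("budget.xlsx", b"v1", t0 - timedelta(days=2))
    dev.daily_cycle(t0)                      # old_report -> vault; budget v1 snapshotted
    dev.write("budget.xlsx", b"v2", t0 + timedelta(hours=3))
    dev.daily_cycle(t0 + timedelta(days=1))  # budget v2 snapshotted
    dev.write("budget.xlsx", b"v3", t0 + timedelta(days=1, hours=2))  # never snapshotted
    affected = hostile_overwrite(dev, t0 + timedelta(days=1, hours=5))
    restored = dev.recover()
    budget = dev.files["budget.xlsx"].content   # b"v2": v3 lost, v2 recovered
    report = dev.files["old_report.docx"].content
    dev.daily_cycle(t0 + timedelta(days=8))     # purges snapshots older than 7 days
    return affected, restored, budget, report, len(dev.versions["budget.xlsx"])
```

Running demo() shows the vaulted file untouched, the workspace file restored to its last snapshot, and the intervening edit lost, which is exactly the "hours configured in the scanning process" bound on loss.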
Abstract
The present invention relates to a system and method to protect data integrity from ransomware through a dedicated vault and workspace arrangement. The present invention serves the object of a process for protecting file data from hostile manipulation/encryption attempts. The system is a time-dependent file backup system, organised into a vault and a workspace, that is accessed through hardware. After executing a scan process and a reconciliation process, the system triggers a third process, the bit-locking process. A hostile manipulation/encryption attempt will not be able to encrypt bit-locked files, so bit-locked data is saved, and data loss is limited to the number of hours configured in the scanning process. The present invention provides unique hardware to recover data with minimum loss in minimum time. A fast data recovery procedure, easily accomplished through the three processes mentioned above, is well suited to situations in which recovery time must be kept to a minimum. The system is hardware enabled with technology that works at the hardware storage memory level and monitors usage patterns of the files on the file system.
Description
A SYSTEM AND METHOD TO PROTECT DATA INTEGRITY FROM RANSOMWARE THROUGH DEDICATED VAULT AND WORKSPACE ARRANGEMENT
Field of the invention
The present invention relates generally to an enhanced system and method to protect data integrity from ransomware through a dedicated vault and workspace arrangement. The present invention also relates to solutions that protect file data from hostile manipulation / encryption attempts and recover data. More particularly, it is hardware enabled with technology that works at the hardware storage memory level and monitors usage patterns of the files on the file system.
Background of the invention
Malicious computer software, or so-called malware, such as viruses, computer worms and Trojans, presents one of the most significant computer security issues. In recent years, a new type of malicious software, called ransomware, has become widespread. The term ransomware as used herein refers to a family of malicious processes or programs that block or impede user interaction with the operating system of a computing device such as a computer, a networked computer, an element of a computer network, a smartphone, a tablet or other similar devices. Oftentimes, these programs demand the transfer of funds to the offenders in exchange for restoration of the computer's operability. Generally, the ransomware interferes with an operating system so as to make a computer system unresponsive to user input, but other mechanisms can exist.
Ransomware processes can be downloaded to computers through sites offering free software, file sharing sites and hacked legitimate web resources. Often, users download and run malicious programs voluntarily, believing that they are installing legitimate software.
Technically, ransomware processes infect target computer systems using techniques such as attaching executable files to emails and then running the executable file at the next system boot, typically then scanning the system to look for vulnerabilities, or, alternatively, attacking a vulnerability in a network service to gain access to a target computer system. Ransomware, once installed, is designed to encrypt a user's files and request a ransom for the files to be decrypted.
Various prior art documents describe how to protect data integrity from ransomware. The prior art document US 10609066 discloses an apparatus which, in one embodiment, comprises a storage device having a processor coupled to a memory. The storage device incorporates at least one trap object particularly configured for use in detection of a ransomware attack and not otherwise utilized for storage of operational data in the storage device. The storage device further comprises a ransomware detector configured to monitor the trap object and to generate an alert based at least in part on a result of the monitoring. The trap object may comprise a dummy file system element of the storage device, such as, for example, a file or a directory of a file system of the storage device. Additionally or alternatively, the trap object may comprise one or more specific storage blocks of the storage device, with the one or more specific storage blocks being determined at least in part by the file system of the storage device. Another prior art document, US 8751454, discloses virtual defragmentation in a deduplication vault. In one example embodiment, a method of virtual defragmentation in a deduplication vault includes a virtual defragmentation phase. The virtual defragmentation phase includes accessing file system metadata (FSM) blocks included in a backup of allocated blocks of a source storage and reordering block references in the FSM blocks to match the order of the corresponding blocks as stored in a deduplication vault storage.
Overall, once the data has been encrypted, there is no easy solution to get it back. Depending on the ransomware, some may be possible to crack, but this is an opportunistic and not a long-term solution against ransomware. Traditional security systems are often designed to prevent malware from being inadvertently installed by a user, but may have no means of detecting or removing malware once it has been installed. Moreover, even if a conventional security system is able to remove installed ransomware, it may be too late, since the user's files have already been encrypted. Accordingly, there is a need for additional and improved systems and methods for protecting files from malicious encryption attempts.
Firewalls and antivirus are the available solutions. But there is always a zero day on which a new virus or hostile manipulation / encryption attempt is floated. Firewalls and antivirus take time to understand the modus operandi of a new hostile manipulation / encryption attempt or virus. It could be hours, days, weeks or months. During this time from the zero day the data is vulnerable and can be encrypted by a hostile manipulation / encryption attempt. A firewall or antivirus can do little after a hostile manipulation / encryption attempt has affected the data. Sometimes, the time taken by antivirus companies to help customers recover data is too long for the business to continue. It is a serious problem. There needs to be a solution which can help protect and recover data from a hostile manipulation / encryption attempt attack in the minimum time, so that business can continue.
Hence, protecting data integrity from ransomware through a dedicated vault and workspace arrangement still leaves scope for improvement of solutions to protect file data from hostile manipulation / encryption attempts.
Object of the invention
The main object of the present invention is to provide a system and method to protect data integrity from ransomware through a dedicated vault and workspace arrangement.
Another object of the present invention is to provide a solution to protect file data from hostile manipulation / encryption attempts and recover data with minimum loss in minimum time.
A further object of the present invention is to provide an alternative solution to minimize data loss and the time to recover data after ransomware attacks.
Another object of the present invention is to facilitate recovery of the last version in minimum time.
Yet a further object of the present invention is to provide a system and method to protect data integrity from ransomware through a dedicated vault and workspace arrangement with the unique availability of the reconciliation and bit-locking processes. Another object of the present invention is to provide transparent file-recovery capabilities at the file system level.
A further object of the present invention is to provide unique commanding to users connected over a Local Area Network (L.A.N.), Wide Area Network (W.A.N.) and/or Virtual Private Network (V.P.N.) at different systems, who initiate standard file transfer protocols to save files on this device.
Yet another object of the present invention is to provide a scanning process which can scan the entire device memory and record important parameters related to the usage of each file. Another object of the invention is to work at the hardware storage memory level and monitor usage patterns of the files on the file system.
A further object of the present invention is to provide a unique way of retrieving data in the system when ransomware infects the system.
Still another object of the present invention is to provide a system and method to protect data integrity from ransomware through a dedicated vault and workspace arrangement which has a time-dependent file backup system in a vault and workspace accessed through hardware.
Summary of the Invention
The present invention relates to a system and method to protect data integrity from ransomware through a dedicated vault and workspace arrangement. The present invention serves the object of a process for protecting file data from hostile manipulation / encryption attempts. The system is a time-dependent file backup system, organised into a vault and a workspace, that is accessed through hardware. After executing a scan process and a reconciliation process, the system triggers a third process, the bit-locking process. A hostile manipulation / encryption attempt will not be able to encrypt bit-locked files, so bit-locked data is saved, and data loss is limited to the number of hours configured in the scanning process. The present invention provides unique hardware to recover data with minimum loss in minimum time. A fast data recovery procedure, easily accomplished through the three processes mentioned above, is well suited to situations in which recovery time must be kept to a minimum. The system is hardware enabled with technology that works at the hardware storage memory level and monitors usage patterns of the files on the file system.
Brief Description of the Drawings
The aforementioned aspects and advantages of the present invention will be more fully understood after reading the implementation below with reference to the drawings, in which:
FIG. 1 is a flow diagram describing specific operational steps of a system and method to protect data integrity from ransomware through a dedicated vault and workspace arrangement.
FIG. 2 is another flow diagram describing data recovery of a system and method to protect data integrity from ransomware through a dedicated vault and workspace arrangement in accordance with some embodiments.
    Detailed description of the Invention 
    Before explaining the present invention in detail, it is to be understood that the invention is not limited in its application. The nature of invention and the manner in which it is performed is clearly described in the specification. The invention has various components and they are clearly described in the following pages of the complete specification. It is to be understood that the phraseology and terminology employed herein is for the purpose of description and not of limitation. 
    The following description with reference to the accompanying drawings is provided to assist in a comprehensive understanding of various embodiments of the present disclosure as defined by the claims and their equivalents. It includes various specific details to assist in that understanding 
but these are to be regarded as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the various embodiments described herein can be made without departing from the scope and spirit of the present disclosure. In addition, descriptions of well-known functions and constructions may be omitted for clarity and conciseness. 
    The present disclosure is generally directed to a system and method to protect data integrity from ransomware through a dedicated vault and workspace arrangement. As will be explained in greater detail, the embodiments discussed herein can be implemented in suitable computer-executable instructions that may reside on a computer-readable medium (e.g., a hard disk drive, flash drive or other memory), in hardware circuitry or the like, or in any combination of these. 
    Before discussing specific embodiments, an example hardware architecture for implementing certain embodiments is described herein. One embodiment can include one or more computers communicatively coupled to a network. As is known to those skilled in the art, the computer can include a central processing unit ("CPU"), at least one read-only memory ("ROM"), at least one random access memory ("RAM"), at least one hard drive ("HD"), and one or more input/output ("I/O") device(s). The I/O devices can include a keyboard, monitor, printer, electronic pointing device (such as a mouse, trackball, stylus, etc.) or the like. In various embodiments, the computer has access to at least one database. 
    ROM, RAM, and HD are computer memories for storing data and computer-executable instructions executable by the CPU. Within this disclosure, the term "computer-readable medium" is not limited to ROM, RAM, and HD and can include any type of data storage medium that can be read by a processor. In some embodiments, a computer-readable medium may refer to a data cartridge, a data backup magnetic tape, a floppy diskette, a flash memory drive, an optical data storage drive, a CD-ROM, ROM, RAM, HD, or the like. 
    At least portions of the functionalities or processes described herein can be implemented in suitable computer-executable instructions. The computer-executable instructions may be stored as software code components or modules on one or more non-transitory computer-readable media (such as non-volatile memories, volatile memories, DASD arrays, magnetic tapes, floppy diskettes, hard drives, optical storage devices, etc., or any other appropriate computer-readable medium or storage device). In one embodiment, the computer-executable instructions may include lines of compiled C++, Java, HTML, or any other programming or scripting code. 
    Additionally, the functions of the disclosed embodiments may be implemented on one computer or shared/distributed among two or more computers in or across a network. Communications between computers implementing embodiments can be accomplished using any electronic, optical, radio frequency signals, or other suitable methods and tools of communication in compliance with known network protocols. 
 Additionally, any examples or illustrations given herein are not to be regarded in any way as restrictions on, limits to, or express definitions of any term or terms with which they are utilized. Instead, these examples or illustrations are to be regarded as being described with respect to one particular embodiment and as illustrative only. Those of ordinary skill in the art will appreciate that any term or terms with which these examples or illustrations are utilized will encompass other embodiments which may or may not be given therewith or elsewhere in the specification and all such embodiments are intended to be included within the scope of that term or terms. 
    The hardware is enabled with software that works at the operating system level and controls data acquisition from end-point user devices and the central server database. The present invention utilizes hardware including, but not limited to, SATA, Redundant Array of Independent Disks (RAID), a frequency modulator, Goldmont architecture on a 14 nm process technology, a Central Processing Unit (CPU), a Fibre Channel or SCSI interface, switches and a TCP/IP connection. These components are arranged in a particular pattern that achieves the intended object in the associated network. 
    Further, the present disclosure relates to a dedicated vault and workspace arrangement. In product data management ("PDM") terms, a vault is the controlled store that improves productivity. In the present invention the vault is bit-locked: it holds data that has not been used for a configured number of days, as distinguished from data that users are currently working on. When ransomware strikes, the vault data is unaffected because it is bit-locked at the memory level. 
    Accordingly, a workspace is a file or directory in which a user gathers various files and resources and works with them; it is a memory storage area for temporary use. In the present invention the workspace is not bit-locked (bit-unlocked). When ransomware strikes the workspace it is affected, but its contents can promptly be replaced by the previous day's unaffected data, so that only the current day's work is exposed. The memory zone of bit-unlocked files is known as the workspace. 
    FIG. 1 is a simplified flow diagram of a system for protecting data from ransomware using a vault and workspace arrangement. The system includes the invented hardware, a physical storage memory and its firmware. As described in FIG. 1, the system is hardware enabled with technology that works at the hardware storage memory level and monitors the usage patterns of the files on the file system. The system has two components: the invented hardware and its firmware, which monitors the usage pattern of files. As shown in FIG. 1, the system comprises a data storage hardware device connected to the computers that are used to generate data files. It is connected over a local area network, wide area network or virtual private network. Users save files on this device using standard file transfer protocols. 
    The steps shown in FIG. 1 may be performed by any suitable one or more of the systems described herein. Data is saved in file format by the user on the invented device. A scan process is triggered every day, at an interval of 24 hours. The scanning process scans the entire device memory and records the important parameters relating to the usage of each file; specifically, these parameters identify the last modification date and time of the files. The 24-hour interval can be configured by administrators according to the load on the system. 
    Specifically, the firmware shown in FIG. 1 is configured by the administrator of the device with specific logic, expressed as a number of days. After the scanning step there is a further step, triggered every day, in which the parameters are recorded. Another process is the reconciliation process. If the administrator defines the logic as 180 days and 7 days, the reconciliation process matches the parameters recorded by the scan process and finds which files are older than 180 days (or whatever number of days is defined as the basis of the logic). Thus, in step 2, all file parameters are compared with the preconfigured number of days. 
    As shown in step 3 of FIG. 1, after the scan process and the reconciliation process have executed, a third process is triggered, known as the bit-locking process. At the end of the reconciliation process the resultant data is a list of file names. The firmware of the device locates the memory locations of these files and bit-locks them; that is, data files with a positive result are transferred to the bit-locked zone. 
    One advantage of the bit-locking process is that, once it is over, these files can no longer be modified by the user, because they are bit-locked at the memory level. The memory zone of bit-locked files is named the vault. 
    Additionally, after the third process of bit-locking has been triggered, the fourth process, versioning, is triggered as per step 4 of FIG. 1. The versioning process depends on another parameter fed to the reconciliation process, which in this embodiment is 7 days. The versioning process identifies the names of the files that did not meet the first logic, i.e. whose last modified date is not older than 180 days. 
    These files are copied into a data container with a time and date stamp. After the files are copied, the container is also bit-locked. Once the latest version has been bit-locked in the data container, the oldest version, time-stamped as older than 7 days, is bit-unlocked and removed from the system. The 7-day value can be any number of days for which this process is to be executed. The memory zone of bit-unlocked files is known as the workspace. The processes of scanning, reconciliation, bit-locking and versioning occur every day. Together they help minimize data loss, and the time needed to recover data, after a hostile manipulation or encryption attempt. 
    It is an advantage of the present invention that fast recovery of data can be performed. The fast data recovery procedure, which is easily accomplished through the processes described above, is well suited to situations in which recovery time must be kept to a minimum. 
    Consequently, the chances of a successful recovery increase drastically, and transparent file-recovery capability is provided at the file system level. This limits data loss to a number of hours and facilitates recovery of the last version in minimum time. 
    Furthermore, FIG. 2 shows the data recovery flow chart according to the present invention; the system comprises a physical storage memory and includes firmware. According to step 1 of FIG. 2, the last version of the bit-unlocked files is identified; in step 2 that last version is restored over the open current data. Finally, in step 3, the vaulted data is intact and the bit-unlocked data contains the last version of unaffected data. 
    Additionally, a hostile manipulation or encryption attempt will not be able to encrypt bit-locked files, which remain intact. Such an attempt will be able to encrypt all files that are not bit-locked. The bit-unlocked data is affected but can easily be replaced by the previous day's unaffected data and maintained. The device provides the latest version of the files from its version container, which holds all files that were not bit-locked because users were still using them. As a holistic outcome, bit-locked data is unharmed, and bit-unlocked data is rolled back to the last bit-locked version of the currently bit-unlocked files. This preserves the bit-locked data and limits data loss to the number of hours configured in the scanning process; it also facilitates recovery of the last version in minimum time. 
    More generally, the method associated with the present invention preferably operates in a computer network having computer servers operating on different operating systems and a plurality of computer devices. Each computer device is managed by a computer server at the operating system level. The computer network includes a plurality of information databases that contain information associated with the users and with the computer devices of the computer network. The method generates on each computer server a set of identifying files for each computer device managed by the central computer server or system administrator. 
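    To make the four daily processes of FIG. 1 (scan, reconciliation, bit-locking, versioning) and the FIG. 2 recovery path concrete, the following Python simulation is an added example; it is not the patent's firmware or any product code. It assumes that file metadata lives in an in-memory dictionary, that bit-locking is modelled as a flag that rejects writes, that the version container is keyed by file name and scan date, and that the attacker is a constructed routine which overwrites every file it is permitted to write. The 180-day and 7-day thresholds are the ones given in the description; all file names and contents are constructed sample data.

```python
"""Simulation of the vault/workspace cycle and recovery (added example, not the patent's code)."""
from dataclasses import dataclass, field
from datetime import date, timedelta

VAULT_AGE_DAYS = 180   # first reconciliation parameter from the description
RETENTION_DAYS = 7     # second parameter: version-container retention


@dataclass
class StoredFile:
    content: bytes
    mtime: date
    locked: bool = False   # assumption: "bit-locked" modelled as a flag enforced by write()


@dataclass
class Device:
    files: dict = field(default_factory=dict)      # name -> StoredFile (vault + workspace)
    versions: dict = field(default_factory=dict)   # (name, scan date) -> bytes, always locked

    def write(self, name, data, today):
        """User write over a file-transfer protocol; refused for vaulted files."""
        f = self.files.get(name)
        if f is not None and f.locked:
            raise PermissionError(f"{name} is bit-locked (vault)")
        self.files[name] = StoredFile(data, today)

    def scan(self, today):
        """Step 1: record the age in days since each file's last modification."""
        return {name: (today - f.mtime).days for name, f in self.files.items()}

    def reconcile(self, ages, vault_age=VAULT_AGE_DAYS):
        """Step 2: split files by the preconfigured number of days."""
        to_vault = [n for n, a in ages.items() if a >= vault_age and not self.files[n].locked]
        to_version = [n for n, a in ages.items() if a < vault_age]
        return to_vault, to_version

    def bit_lock(self, names):
        """Step 3: move files older than the threshold into the vault."""
        for n in names:
            self.files[n].locked = True

    def version(self, names, today, retention=RETENTION_DAYS):
        """Step 4: copy active files into a date-stamped locked container; expire old versions."""
        for n in names:
            self.versions[(n, today)] = self.files[n].content
        for key in [k for k in self.versions if (today - k[1]).days > retention]:
            del self.versions[key]

    def daily_cycle(self, today):
        ages = self.scan(today)
        to_vault, to_version = self.reconcile(ages)
        self.bit_lock(to_vault)
        self.version(to_version, today)
        return to_vault, to_version

    def latest_version(self, name):
        stamps = [s for (n, s) in self.versions if n == name]
        return self.versions[(name, max(stamps))] if stamps else None

    def recover(self):
        """FIG. 2: restore the last locked version over every bit-unlocked file."""
        restored = []
        for n, f in self.files.items():
            if f.locked:
                continue            # vault data is intact by construction
            last = self.latest_version(n)
            if last is not None:
                f.content = last
                restored.append(n)
        return restored


def simulate_ransomware(dev):
    """Constructed attacker: overwrites everything the device lets it write."""
    hit = []
    for n, f in dev.files.items():
        if not f.locked:
            f.content = b"ENCRYPTED:" + f.content
            hit.append(n)
    return hit


def demo():
    day0 = date(2021, 6, 22)
    dev = Device()
    dev.write("old_report.docx", b"archived", day0 - timedelta(days=200))  # constructed
    dev.write("active.xlsx", b"v1", day0 - timedelta(days=3))              # constructed
    vaulted, _ = dev.daily_cycle(day0)
    day1 = day0 + timedelta(days=1)
    dev.write("active.xlsx", b"v2", day1)          # user keeps working
    dev.daily_cycle(day1)                          # v2 captured in the version container
    dev.write("active.xlsx", b"v3-after-scan", day1)  # edit made after the day's scan
    hit = simulate_ransomware(dev)                 # strikes before the next scan
    restored = dev.recover()
    return dev, vaulted, hit, restored


def retained_versions(days):
    """Number of date-stamped versions of one active file left after `days` daily cycles."""
    d, start = Device(), date(2021, 1, 1)
    d.write("f.txt", b"x", start)
    for i in range(days):
        d.daily_cycle(start + timedelta(days=i))
    return len(d.versions)
```

    Running demo() shows both the property the description claims and its limit: the vaulted file survives untouched, the active file is rolled back to the last date-stamped version (v2), and the edit made after that day's scan (v3) is lost, so loss is bounded by the scan interval rather than eliminated. retained_versions(10) shows the 7-day expiry keeping eight daily versions. The term bit-locked is the patent's own and is unrelated to Microsoft BitLocker volume encryption, which does not make individual files immutable.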
    The present application provides a solution that minimizes data loss and the time needed to recover data after a virus or ransomware attack. The device is very effective in protecting file data from hostile manipulation or encryption attempts and in minimizing data recovery time after such an attempt. While various elements of the present invention have been described in detail, it is apparent that modifications and adaptations of those elements will occur to those skilled in the art. It is expressly understood, however, that such modifications and adaptations are within the spirit and scope of the present invention as set forth in the following claims. 
  Claims
1. A system to protect data integrity from ransomware through dedicated vault and workspace arrangement comprises: the system includes a data storage hardware device, a physical storage memory and a firmware; a command to the user connected over Local Area Network (L.A.N.), Wide Area Network (W.A.N.) and/or Virtual Private Network (V.P.N) at different systems that initiates standard file transfer protocols to save files on this device; characterized in that, triggering a scanning process, reconciliation process, bit-locking process and versioning process occurs at specific pre-determined time in the system. 
    2. The system to protect data integrity from ransomware through dedicated vault and workspace arrangement as claimed in claim 1, wherein to generate data files the system serves as a data storage hardware device which is connected to computers. 
    3. The system to protect data integrity from ransomware through dedicated vault and workspace arrangement as claimed in claim 1, wherein to prevent file data from hostile manipulation / encryption attempt and recover data with minimum loss in minimum time. 
    4. A method to protect data integrity from ransomware through dedicated vault and workspace arrangement comprises following steps: a) serving as a data storage hardware device which is connected to computers which are used to generate data files; b) connecting over local area network, wide area network or virtual private network; c) allowing users to use standard file transfer protocols to save files on data storage hardware device; d) triggering a scan process, reconciliation process, bit-locking process and versioning will happen every day; e) identifying the last modification date and time of the files; f) recovering data with minimum loss in minimum time to prevent file data from hostile manipulation / encryption attempt. 
    5. The method to protect data integrity from ransomware through dedicated vault and workspace arrangement as claimed in claim 4, wherein in step (d): the scanning process will scan entire device memory and record important parameters related to usage of the file; the reconciliation process will match with parameters recorded by scan process and find out which parameters are older than 180 days or number of days defined as basis of the logic; 
    the advantage of bit-locking process is, once this process is over, these files will no longer be modifiable by the user as they are bit-locked at the memory level. The memory zone of bit-locked file is named as vault; and the versioning process will identify names of the files which did not meet the first logic of last modified date older than 180 days. 
    Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title | 
|---|---|---|---|
| IN202021028902 | 2020-07-07 | | |
| IN202021028902 | 2020-07-07 | | |
Publications (1)
| Publication Number | Publication Date | 
|---|---|
| WO2022009218A1 true WO2022009218A1 (en) | 2022-01-13 | 
Family
ID=79553013
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date | 
|---|---|---|---|
| PCT/IN2021/050601 Ceased WO2022009218A1 (en) | 2020-07-07 | 2021-06-22 | A system and method to protect data integrity from ransomware through dedicated vault and workspace arrangement | 
Country Status (1)
| Country | Link | 
|---|---|
| WO (1) | WO2022009218A1 (en) | 
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title | 
|---|---|---|---|---|
| US20190109870A1 (en) * | 2017-09-14 | 2019-04-11 | Commvault Systems, Inc. | Ransomware detection and intelligent restore | 
| US20200012803A1 (en) * | 2018-06-28 | 2020-01-09 | Mohammad Mannan | Protection system and method against unauthorized data alteration | 
Events
- 2021-06-22: WO application PCT/IN2021/050601 (WO2022009218A1), status not active, ceased
Similar Documents
| Publication | Title | 
|---|---|
| US11681591B2 (en) | System and method of restoring a clean backup after a malware attack | 
| EP3479280B1 (en) | Ransomware protection for cloud file storage | 
| US11579985B2 (en) | System and method of preventing malware reoccurrence when restoring a computing device using a backup image | 
| JP6689992B2 (en) | System and method for modifying file backup in response to detecting potential ransomware | 
| US8255998B2 (en) | Information protection method and system | 
| US8468604B2 (en) | Method and system for detecting malware | 
| US20110225128A1 (en) | Clean store for operating system and software recovery | 
| US10831888B2 (en) | Data recovery enhancement system | 
| US20090094698A1 (en) | Method and system for efficiently scanning a computer storage device for pestware | 
| EP1915719B1 (en) | Information protection method and system | 
| US11113152B1 (en) | Systems and methods for managing file backup | 
| US20200089884A1 (en) | Method and apparatus for ransomware detection | 
| CN111183620B (en) | Intrusion investigation | 
| US9811659B1 (en) | Systems and methods for time-shifted detection of security threats | 
| US12406058B2 (en) | Protecting data against malware attacks using cyber vault and automated airgap control | 
| US20240330447A1 (en) | Ransomware detection via monitoring open file or process | 
| US20240333764A1 (en) | Ransomware detection via monitoring open file or process | 
| US8108935B1 (en) | Methods and systems for protecting active copies of data | 
| EP3964990A1 (en) | Method and system for deciding on the need for an automated response to an incident | 
| US12242609B2 (en) | Exact restoration of a computing system to the state prior to infection | 
| US8341428B2 (en) | System and method to protect computing systems | 
| US9141795B2 (en) | Techniques for detecting malicious activity | 
| US20240232399A1 (en) | Preventing undesired deletes on protection storage using delete restriction with alerts for excessive deletes | 
| US20240346143A1 (en) | Tracking of files required for running malware processes | 
| WO2022009218A1 (en) | A system and method to protect data integrity from ransomware through dedicated vault and workspace arrangement | 
Legal Events
| Code | Title | Description | 
|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 21838823; Country of ref document: EP; Kind code of ref document: A1 | 
| NENP | Non-entry into the national phase | Ref country code: DE | 
| 122 | Ep: pct application non-entry in european phase | Ref document number: 21838823; Country of ref document: EP; Kind code of ref document: A1 |