Nasuni has filed a patent for a cloud-native global file system that includes a rapid ransomware recovery service. The system detects ransomware attacks, restricts access to the affected files, activates a recovery filer, initiates a restore operation, creates a new clean snapshot of the volume, and then re-enables access to the files. GlobalData’s report on Nasuni gives a 360-degree view of the company including its patenting strategy. Buy the report here.
According to GlobalData’s company profile on Nasuni, Distributed control systems was a key innovation area identified from patents. Nasuni's grant share as of September 2023 was 60%. Grant share is based on the ratio of number of grants to total number of patents.
Cloud-native global file system with rapid ransomware recovery service
A recently filed patent (Publication Number: US20230262090A1) describes a method for detecting and recovering from a ransomware attack in a cloud-based global file system. The method involves several steps to mitigate the impact of the attack and restore normal access to the affected volume.
When a ransomware attack is detected, access to the volume is restricted. The detection is performed by a filer- or cloud-based detector that scores a set of markers associated with indicators of a ransomware attack. Each marker is distinct from the others, and individual tests have associated scores. The method also includes receiving data that configures the individual tests, enabling them, designating score values, or specifying actions to take based on configurable thresholds.
A recovery filer is activated or designated, and a restore operation is initiated at the recovery filer. Once the restore operation is completed, a new clean snapshot of the volume is created using the recovery filer. Finally, access to the volume is re-enabled, allowing users to resume normal operations.
The method also includes selectively adjusting the score associated with a test based on specific occurrences or events. The scores associated with the set of markers are aggregated and compared to configurable thresholds to detect the ransomware attack. The detector may implement machine learning techniques to improve detection accuracy.
The tests used to detect the attack include tracking the number of new file creations, complete file overwrites, new file manifests, file reads, and examining filename characteristics. The method also involves searching for ransom demands within the file system.
The restore operation can reverse damage to individual files, directories, or the entire volume. Importantly, the recovery from the ransomware attack is specific to the affected volume and does not impact other volumes in the cloud-based global file system.
The patent also highlights that the recovery process is designed to occur within minutes from the point-in-time when the ransomware attack is detected. This rapid recovery timeframe aims to minimize the impact of the attack and ensure business continuity.
Overall, this patent describes a comprehensive method for detecting and recovering from ransomware attacks in a cloud-based global file system. By combining detection mechanisms, configurable tests, and rapid restoration processes, the method aims to provide effective protection against ransomware threats and minimize downtime.