Automatic ransomware detection with an on-demand file system lock down and automatic repair function

    Publication No.: GB2601938B

    Publication date: 2022-12-21

    Application No.: GB202202607

    Application date: 2020-07-10

    Applicant: IBM

    Abstract: A method and system for detecting ransomware and repairing data following an attack. The method includes collecting file statistics for files in a file system, identifying an affected file based on the collected file statistics, locking down access to the file system in response to identifying the affected file, undoing reconcile processing, repairing the affected files, and unlocking access to the file system. The system includes a computer node, a file system, a plurality of disc storage components, a backup client, a backup client, and a hierarchical storage client. The hierarchical storage client is configured to collect file statistics for files in the file system, identify affected files based on the collected file statistics for the file, lock down access to the file system in response to an identified affected file, undo reconcile processing, repair the affected file, and unlock access to the file system.

    End-to-end encryption and backup in data protection environments

    Publication No.: GB2564318A

    Publication date: 2019-01-09

    Application No.: GB201815487

    Application date: 2017-02-15

    Applicant: IBM

    Abstract: A computer receives a set of objects from a client (201), whereby at least one of the objects of the set are respectively associated and encrypted with a unique file encryption key (FEK). The computer encrypts each of the FEKs with a common master encryption key (MEK), resulting in respective locked keys. In an initial backup, the encrypted objects together with their associated locked keys are transmitted to a backup server (205), where a first module determines if a locked key has changed by referencing an encryption state associated with the encrypted objects. If an MEK has changed, the existing FEKs are re-encrypted with the changed MEK to generate new locked keys, and, in a subsequent backup operation, the new locked keys are sent to the backup server (205) to replace the existing locked keys, while avoiding transmitting to the backup server (205) the objects whose associated FEKs are affected by the changed MEK.

    End-to-end encryption and backup in data protection environments

    Publication No.: GB2564318B

    Publication date: 2019-07-31

    Application No.: GB201815487

    Application date: 2017-02-15

    Applicant: IBM

    Abstract: A computer receives a set of objects from a client, whereby at least one of the objects of the set are respectively associated and encrypted with a unique file encryption key (FEK). The computer encrypts each of the FEKs with a common master encryption key (MEK), resulting in respective locked keys. In an initial backup, the encrypted objects together with their associated locked keys are transmitted to a backup server, where a first module determines if a locked key has changed by referencing an encryption state associated with the encrypted objects. If an MEK has changed, the existing FEKs are re-encrypted with the changed MEK to generate new locked keys, and, in a subsequent backup operation, the new locked keys are sent to the backup server to replace the existing locked keys, while avoiding transmitting to the backup server the objects whose associated FEKs are affected by the changed MEK.

    Automatic ransomware detection with an on-demand file system lock down and automatic repair function

    Publication No.: GB2601938A

    Publication date: 2022-06-15

    Application No.: GB202202607

    Application date: 2020-07-10

    Applicant: IBM

    Abstract: A method and system for detecting ransomware and repairing data following an attack. The method includes collecting file statistics for files in a file system, identifying an affected file based on the collected file statistics, locking down access to the file system in response to identifying the affected file, undoing reconcile processing, repairing the affected files, and unlocking access to the file system. The system includes a computer node, a file system, a plurality of disc storage components, a backup client, a backup client, and a hierarchical storage client. The hierarchical storage client is configured to collect file statistics for files in the file system, identify affected files based on the collected file statistics for the file, lock down access to the file system in response to an identified affected file, undo reconcile processing, repair the affected file, and unlock access to the file system.

    Grouping file system events to perform continuous file system monitoring and backup

    Publication No.: GB2529436B

    Publication date: 2016-05-18

    Application No.: GB201414750

    Application date: 2014-08-20

    Applicant: IBM

    Abstract: Operating a data processing and storage apparatus to perform continuous backup monitoring for a collection of stored file system objects. In response to changes respective to a number of the file system objects, a set of Data Management Application Program Interface (DMAPI) events is created. For each of the events, accessory file system object information relative to a file system object subject to the change is determined. The events are grouped into an event group and a unique group identifier and an overall group size count are assigned to each of the events included in the event group. The events are sent together with the respective accessory file system object information, the respective group identifier and the respective group size to a number of backup clients registered as applications. The backup clients are to process the events together with the respective accessory file system object information, the respective group identifier and the respective group size into a number of backup requests.
