US Patent 12081583 Automatic ransomware detection and mitigation

A method, computer program product, and system for detecting and mitigating ransomware using snapshot-based backups applied to a block-oriented storage device, by performing the following operations: (i) performing, in predetermined time-intervals, snapshot backups of data in a block-oriented storage device; (ii) determining at least one interval malware index value between a last snapshot backup and a next planned snapshot backup, wherein the interval malware index value is indicative of a changed block rate in stored data of storage blocks of the block-oriented storage device; and (iii) in response to determining that the interval malware index value is larger than a predefined interval malware index threshold value, triggering an emergency snapshot.