Claims:We Claim:

1. A system to protect data integrity from ransomware through dedicated vault and workspace arrangement comprises:
the system includes a data storage hardware device, a physical storage memory and a firmware;
a command to the user connected over Local Area Network (L.A.N.), Wide Area Network (W.A.N.) and/or Virtual Private Network (V.P.N) at different systems that initiates standard file transfer protocols to save files on this device;
characterized in that,
triggering a scanning process, reconciliation process, bit-locking process and versioning process occurs at specific pre-determined time in the system.
2. The system to protect data integrity from ransomware through dedicated vault and workspace arrangement as claimed in claim 1, wherein to generate data files the system serves as a data storage hardware device which is connected to computers.
3. The system to protect data integrity from ransomware through dedicated vault and workspace arrangement as claimed in claim 1, wherein to prevent file data from hostile manipulation / encryption attempt and recover data with minimum loss in minimum time.
4. A method to protect data integrity from ransomware through dedicated vault and workspace arrangement comprises following steps:
a) serving as a data storage hardware device which is connected to computers which are used to generate data files;
b) connecting over local area network, wide area network or virtual private network;
c) allowing users to use standard file transfer protocols to save files on data storage hardware device;
d) triggering a scan process, reconciliation process, bit-locking process and versioning will happen every day;
e) identifying the last modification date and time of the files;
f) recovering data with minimum loss in minimum time to prevent file data from hostile manipulation / encryption attempt.
5. The method to protect data integrity from ransomware through dedicated vault and workspace arrangement as claimed in claim 4, wherein in step (d):
the scanning process will scan entire device memory and record important parameters related to usage of the file;
the reconciliation process will match with parameters recorded by scan process and find out which parameters are older than 180 days or number of days defined as basis of the logic;

the advantage of bit-locking process is, once this process is over, these files will no longer be modifiable by the user as they are bit-locked at the memory level. The memory zone of bit-locked file is named as vault; and
the versioning process will identify names of the files which did not meet the first logic of last modified date older than 180 days.

Dated this 7th day of July 2020
, Description:FORM 2
THE PATENTS ACT 1970
(39 of 1970)
&
The Patents Rules, 2003
COMPLETE SPECIFICATION
(See section 10 and rule 13)

1. TITLE OF THE INVENTION:
“A SYSTEM AND METHOD TO PROTECT DATA INTEGRITY FROM
RANSOMWARE THROUGH DEDICATED VAULT AND WORKSPACE ARRANGEMENT”

2. APPLICANT:

(a) NAME : Synersoft Technologies Private Limited
(b) NATIONALITY : Indian
(c) ADDRESS : 5th Floor, Onyx 2,
Near Paldi Bus Terminus,
Beside Navchetan High School,
Paldi, Ahmedabad - 380007

3. PREAMBLE TO THE DESCRIPTION
PROVISIONAL

The following specification describes the invention. ? COMPLETE

The following specification particularly describes the invention and the manner in which it is to be performed.

Field of the invention
The present invention relates generally to an enhanced system and method to protect data integrity from ransomware through dedicated vault and workspace arrangement. The present invention is also related for solutions to protect file data from hostile manipulation / encryption attempt and recover data. More particularly it is a hardware enabled with technology that works at the hardware storage memory level and monitors usage patterns of the files on the file system.

Background of the invention
Malicious computer software or so-called malware, such as viruses, computer worms and Trojans, present one of the most significant computer security issues. In recent years, a new type of malicious software, called ransomware, has become widespread. The term ransomware as used herein refers to a family of malicious processes or programs that block or impede user interaction with the operating system of a computing device such as a computer, a networked computer, an element of a computer network, a smartphone, a tablet or other similar devices. Oftentimes, these programs demand the transfer of funds to the offenders in exchange for restoration of the computer’s operability. Generally, the ransomware interferes with an operating system so as to make a computer system unresponsive to user input, but other mechanisms can exist.
Ransomware processes can be downloaded to computers through sites offering free software, file sharing sites and hacked legitimate web resources. Often, users download and run malicious programs voluntarily, believing that they are installing legitimate software.

Technically, ransomware processes infect target computer systems using techniques such as attaching the executable files to emails and then running the executable file at the next system boot, typically then scanning the system to look for vulnerabilities, or, alternatively, attacking a vulnerability in a network service to gain access to a target computer system. Ransomware, once installed, is designed to encrypt a user’s files and request a ransom for the files to be unencrypted.

Various prior arts have been disclosed describing to protect data integrity from ransomware. The prior art document US 10609066 discloses an apparatus in one embodiment comprises a storage device having a processor coupled to a memory. The storage device incorporates at least one trap object particularly configured for use in detection of a ransomware attack and not otherwise utilized for storage of operational data in the storage device. The storage device further comprises a ransomware detector configured to monitor the trap object and to generate an alert based at least in part on a result of the monitoring. The trap object may comprise a dummy file system element of the storage device, such as, for example, a file or a directory of a file system of the storage device. Additionally or alternatively, the trap object may comprise one or more specific storage blocks of the storage device with the one or more specific storage blocks being determined at least in part by the file system of the storage device.

Another prior art document US 8751454 discloses a virtual defragmentation in a deduplication vault. In one example embodiment, a method of virtual defragmentation in a deduplication vault includes a virtual defragmentation phase. The virtual defragmentation phase includes accessing file system metadata (FSM) blocks included in a backup of allocated blocks of a source storage and reordering block references in the FSM blocks to match the order of the corresponding blocks as stored in a deduplication vault storage.

Overall, once the data has been encrypted, there is no easy solution to get it back. Depending on each ransomware, some may be possible to crack but this is an opportunistic and not long-term solution against ransomware. Traditional security systems are often designed to prevent malware from being inadvertently installed by a user, but may have no means of detecting or removing malware once it has been installed. Moreover, even if a conventional security system is able to remove installed ransomware, it may be too late since the user's files have already been encrypted. Accordingly, a need for additional and improved systems and methods for protecting files from malicious encryption attempts.

Firewall and antivirus are available solutions. But there is always a zero day on which a new virus or hostile manipulation / encryption attempt is floated. Firewalls and antivirus take time to understand modus operandi of new hostile manipulation / encryption attempt or virus. It could be hours, days, weeks or months. During this time from the zero day data is vulnerable and can be encrypted by hostile manipulation / encryption attempt. Firewall or antivirus can do little after hostile manipulation / encryption attempt has affected the data. Sometimes, time taken by antivirus companies to help customers recover data is too long to continue the business. It is a serious problem. There needs to be a solution which can help protect and recover data from hostile manipulation / encryption attempt attack in minimum time to be able to continue business.

Hence, protect data integrity from ransomware through dedicated vault and workspace arrangement still leaves some scope for improvement of solutions to protect file data from hostile manipulation / encryption attempt.

Object of the invention
The main object of the present invention is to provide system and method to protect data integrity from ransomware through dedicated vault and workspace arrangement.
Another object of the present invention is to provide a solution to protect file data from hostile manipulation / encryption attempt and recover data with minimum loss in minimum time.
The further object of the present invention is to provide alternate solution to minimize data loss and time to recover data after ransomware attacks.
Another object of the present invention is to provide facilitate recovery of last version in minimum time.
Yet, the further object of the present invention is to system and method to protect data integrity from ransomware through dedicated vault and workspace arrangement as unique availability of reconciliation and bit-locking process.
Another object of the present invention is to provide transparent file-recovery capabilities at the file system level.
Further object of the present invention is to provide unique commanding to the user connected over Local Area Network (L.A.N.), Wide Area Network (W.A.N.) and/or Virtual Private Network (V.P.N) at different systems that initiates standard file transfer protocols to save files on this device.
Yet another object of the present invention is to provide a scanning process which can scan entire device memory and record important parameters related to usage of the file.
Another object of the invention is to provide the hardware storage memory level and monitors usage patterns of the files on the file system.
The further object of the present invention is to provide unique way for retrieval of data in the system when ransomware infects the system.
Still another object of the present invention is to provide a system and method to protect data integrity from ransomware through dedicated vault and workspace arrangement which has a time dependent file backup system in vault and workspace which access through hardware.

Summary of the Invention
The present invention relates to a system and method to protect data integrity from ransomware through dedicated vault and workspace arrangement. The present invention serves the object of a process for protecting file data from hostile manipulation / encryption attempt. This system is a time dependent file backup system in vault and workspace which access through hardware. This system executing scan process and reconciliation process, it triggers third process which is bit-locking process. Further, hostile manipulation /encryption attempt will not be able to encrypt bit-locked files. This will save bit-locked data. It will minimize data loss only to number of hours configured in scanning process. The present invention designed unique hardware to recover data with minimum loss in minimum time. A fast data recovery procedure illustrates which is easily accomplished through use of the above mentioned three processes is well-suited for situations in which recovery time must be kept to a minimum. This system is a hardware enabled with technology that works at the hardware storage memory level and monitors usage patterns of the files on the file system.

Brief Description of the Drawings
Aforementioned aspect and the advantage of the present invention will be more fully understood after reading implementation below and after with reference to schema, in the drawings:
FIG. 1 is a flow diagram describing specific operational steps of a system and method to protect data integrity from ransomware through dedicated vault and workspace arrangement.

FIG. 2 is another flow diagram describing data recovery of a system and method to protect data integrity from ransomware through dedicated vault and workspace arrangement in accordance with some embodiments.

Detailed description of the Invention
Before explaining the present invention in detail, it is to be understood that the invention is not limited in its application. The nature of invention and the manner in which it is performed is clearly described in the specification. The invention has various components and they are clearly described in the following pages of the complete specification. It is to be understood that the phraseology and terminology employed herein is for the purpose of description and not of limitation.
The following description with reference to the accompanying drawings is provided to assist in a comprehensive understanding of various embodiments of the present disclosure as defined by the claims and their equivalents. It includes various specific details to assist in that understanding but these are to be regarded as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the various embodiments described herein can be made without departing from the scope and spirit of the present disclosure. In addition, descriptions of well-known functions and constructions may be omitted for clarity and conciseness.
The present disclosure is generally directed to system and method to protect data integrity from ransomware through dedicated vault and workspace arrangement. As will be explained in greater detail, embodiments discussed herein can be implemented in Suitable computer-executable instructions that may reside on a computer readable medium (e.g., a hard disk drive, flash drive or other memory), hardware circuitry or the like, or any combination.
Before discussing specific embodiments, example hard ware architecture for implementing certain embodiments is described herein. One embodiment can include one or more computers communicatively coupled to a network. As is known to those skilled in the art, the computer can include a central processing unit (“CPU”), at least one read-only memory (“ROM), at least one random access memory (“RAM), at least one hard drive (“HD), and one or more input/output (“I/O”) device(s). The I/O devices can include a keyboard, monitor, printer, electronic pointing device (Such as a mouse, trackball, Stylus, etc.) or the like. In various embodiments, the computer has access to at least one data base.
ROM, RAM, and HD are computer memories for storing data and computer-executable instructions executable by the CPU. Within this disclosure, the term “computer-readable medium' is not limited to ROM, RAM, and HD and can include any type of data storage medium that can be read by a processor. In some embodiments, a computer-readable medium may refer to a data cartridge, a data backup magnetic tape, a floppy diskette, a flash memory drive, an optical data storage drive, a CD-ROM, ROM, RAM, HD, or the like.
At least portions of the functionalities or processes described herein can be implemented in suitable computer executable instructions. The computer-executable instructions may be stored as Software code components or modules on one or more non-transitory computer readable media (Such as non-volatile memories, Volatile memories, DASD arrays, magnetic tapes, floppy diskettes, hard drives, optical storage devices, etc. or any other appropriate computer-readable medium or storage device). In one embodiment, the computer-executable instructions may include lines of compiled C++, Java, HTML, or any other programming or scripting code.
Additionally, the functions of the disclosed embodiments may be implemented on one computer or shared/distributed among two or more computers in or across a network. Communications between computers implementing embodiments can be accomplished using any electronic, optical, radio frequency signals, or other Suitable methods and tools of communication in compliance with known network protocols.
Additionally, any examples or illustrations given herein are not to be regarded in any way as restrictions on, limits to, or express definitions of any term or terms with which they are utilized. Instead, these examples or illustrations are to be regarded as being described with respect to one particular embodiment and as illustrative only. Those of ordinary skill in the art will appreciate that any term or terms with which these examples or illustrations are utilized will encompass other embodiments which may or may not be given therewith or elsewhere in the specification and all such embodiments are intended to be included within the scope of that term or terms.
The hardware enabled with software that works at operating system level and control data acquisition from end point user device and central server database. The present invention utilizes hardware including but not limited to SATA, Redundant Array Independent Disk (RAID), frequency modulator, and Goldmont architecture with 14 nm process technologies, Central Processing Unit (C.P.U), Fiber or SCSI interface, switches, TCP/IP connection. These components are specifically arranged in particular pattern that gives intended object in the associated network.
Further, the present disclosure is related to dedicated vault and workspace arrangement. Vault is product data management “(PDM)” that improves productivity. In present invention, vault which is bit-locked and it identifies data that is not used since last certain number of days and data used currently by users. When ransomware strikes, the vault data is unaffected because the data are bit-locked at the memory level.
Accordingly, a workspace is a file or directory that allows a user to gather various files and resource and work with them. The workspace is a memory storage facility for temporary use. While in present invention, workspace which is not bit-locked (bit-unlocked) and when ransomware strikes your workspace, it will be affected but can promptly be replaced by yesterday’s unaffected data only and maintained current data. The memory zone of bit-unlocked files is known as workspace.
FIG. 1 is a simplified flow diagram of a system for protecting data from ransomware using vault and workplace arrangement. System includes an invented hardware, physical storage memory and its firmware. As described in Fig. 1, the system is a hardware enabled with technology that works at the hardware storage memory level and monitors usage patterns of the files on the file system. The system has two components: Invented hardware and its firmware which monitors usage pattern of files.
As shown, Fig 1 the system comprises a data storage hardware device which is connected to computers and it’s used to generate data files. It is connected over local area network, wide area network or virtual private network. Users use standard file transfer protocols to save files on this device.
The steps shown in FIG. 1 may be performed by any suitable one or more of the systems described herein, data is saved in file format by user on the invented device. Every day a scan process is triggered at the interval of 24 hours. Further, the scanning process will scan entire device memory and record important parameters related to usage of the file. Additionally, these 24 hours can be configured as per requirements of administrators depending load in the system. These parameters are precisely identifying the last modification date and time of the files.
Specifically, the firmware shown in fig. 1 is fed with specific logic by the administrator of the device. It includes the logic which can be defined in number of days. After the completion of scanning step, there is another step which triggered everyday and parameters are recorded. Another process is the reconciliation process. If administrator defines the logic based on 180 days and 7 days, the reconciliation process will match with parameters recorded by scan process and find out which parameters are older than 180 days or number of days defined as basis of the logic. Further, in step 2 it compare all file parameters with preconfigured number of days.
As shown in step 3 of the Fig. 1 after executing scan process and reconciliation process, it triggers third process which is known as bit-locking process. Further, at the end of reconciliation process the resultant data will give the list of the file names. The firmware of the device will locate memory locations of these files and bit-lock them. As shown in step 3, data files with positive result are transferred to bit-locked zone.
One of the advantage of bit-locking process is, once this process is over, these files will no longer be modifiable by the user as they are bit-locked at the memory level. The memory zone of bit-locked file is named as vault.
Additionally, after triggering the third process of bit-locking, as per step 4 shown in fig 1, the forth process of versioning will be triggered. Versioning process will depend on another parameter fed to reconciliation process. In this forth process, it is based on 7 days. The versioning process will identify names of the files which did not meet the first logic of last modified date older than 180 days.
Further, these files will be copied in a data container with time and date stamp. After these files are copied, container will also be bit-locked. Specifically, after latest version is bit-locked in the data container, oldest version time stamped as older than 7 days will be bit-unlocked and removed from the system. These 7 days can be any number of days for which this process can be executed. The memory zone of bit-unlocked files is known as workspace.
These processes of scanning, reconciliation, bit-locking, versioning will happen every day. The advantage of these processes will help minimize data loss and time to recover data after hostile manipulation / encryption attempt attack.
It is an advantage of the present invention that fast recovery of data can be performed. A fast data recovery procedure illustrates which is easily accomplished through use of the above mentioned processes is well-suited for situations in which recovery time must be kept to a minimum.
Consequently, the chances of a successfully recovery have drastically increased and transparent file-recovery capabilities at the file system level. This will minimize data loss only to number of hours and facilitate recovery of last version in minimum time.
Furthermore, as shown in fig 2 data recovery flow chart according to the present invention it comprises a physical storage memory and includes firmware. According to step 1 of fig.2 identifying the last version of bit-unlocked files than in step 2 it restore the last version on open current data. Finally in step 3, the vaulted data is intact and the bit-unlocked data contains the last version of unaffected data.
Additionally, hostile manipulation / encryption attempt will not be able to encrypt bit-locked files and they will be intact. Hostile manipulation / encryption attempt will be able to encrypt all the files which are not bit-locked. The unbit-locked data is affected but can be easily replaced by the yesterday’s unaffected data and maintained. The device will provide latest version of the files from its version container which contains all files which were not bit-locked as users were using it. As a holistic outcome, bit-locked data will be unharmed. Unbit-locked data will be shifted to last bit-locked version of currently unbit-locked files. This will save bit-locked data and minimize data loss only to number of hours configured in scanning process. It will also facilitate recovery of last version in minimum time.
More generally, the method associated with the present invention preferably operates in a computer network having computer servers operating on different operating systems and a plurality of computer devices. Each computer device is managed by a computer server at the operating system level. The computer network includes a plurality of information databases that contain information associated with the users and with the computer devices of the computer network. The method generates on each computer server a set of identifying files for each computer device managed by the central computer server or system administrator.
Present application provides solutions to minimize data loss and time to recover data after virus. This device is very effective in protecting file data from hostile manipulation / encryption attempt and minimize data recover time after hostile manipulation / encryption attempt.
While various elements of the present invention have been described in detail, it is apparent that modification and adaptation of those elements will occur to those skilled in the art. It is expressly understood, however, that such modifications and adaptations are within the spirit and scope of the present invention as set forth in the following claims.