Typically, an operating system of a computer system includes a file system to provide users with an interface while working with data on the computer system's disk and to provide the shared use of files by several users and processes. Generally, the term “file system” (or “filesystem” interchangeably) encompasses the totality of all files on the disk and the sets of data structures used to manage files, such as, for example, file directories, file descriptors, free and used disk space allocation tables, and the like. Accordingly, end users generally regard the computer file system as being composed of files and a number of directories. Each file usually stores data and is associated with a symbolic name. Each directory may contain subdirectories, files or both. The files and directories are typically stored on a disk or similar storage device.
One issue that affects the operations of computer systems and file systems in particular is the prevalence of malicious software. Malicious software, also referred to as “malware,” can infiltrate or damage a computer system by corrupting software code, resulting in abnormal operation or even termination of applications and the operating system. One type of malware known as “ransomware” takes block access to data on a computer system until a ransom is paid. Ransomware typically uses cryptography techniques to encrypt a computer system's files (such as a computer's Master File Table or the entire hard drive), thereby making them inaccessible until decrypted upon payment of the ransom. Ransomware can alter the file system in other ways, for example, by hiding the files, modifying the access rights of the files, moving the files to a hidden location in the file system, scrambling the names of files, or some combination thereof.
Known approaches for protecting a computer system against ransomware and other malware generally involve periodic data archiving and protection in case malicious programs are detected attempting to alter the file system. One of these approaches is a backup of the entire hard drive, which typically involves copying of the hard drive contents onto some other medium (such as another hard disk drive, a DVD ROM, a DVD RAM, a flash disk, etc.). Another approach is to proactively back up files or create file snapshots whenever a suspicious program attempts to make changes to user files. These known approaches have several disadvantages, including high demands on the computer's CPU, memory, and storage resources that must be diverted from use with other tasks to perform constant backups of files.