4300 Workload anomaly detected

Explanation

Workload anomaly detection indicates the nature of data written to a volume or volumes has changed. This might be the result of a change to the way applications are storing data, or it might indicate a volume is being subjected to a ransomware attack.

User response

Contact the host and application owners that write data to the volume, or volumes in the volume group, indicated. Determine whether the change in nature is due to a known change, or whether the change is unexpected. If the change in nature is unexpected, take steps to mitigate data loss for these volumes.

If a malware attack is identified, take steps to mitigate damage to the volumes and other volumes that might be accessible by infected hosts. Then, identify suitable backups from which to restore affected volumes.