GCP GCS Bulk Object Deletion

Panther Rules

Summary
This detection rule monitors for bulk deletions of Google Cloud Storage (GCS) objects, which can indicate a ransomware attack or data destruction by an adversary targeting cloud storage. Specifically, the rule alerts when 10 or more deletion requests are made within a specific timeframe, a volume that suggests automated behaviour rather than normal user activity. This deletion pattern may align with double extortion tactics, where attackers not only encrypt files but also delete them to pressure victims into paying. The rule works by analysing GCP Audit Logs for entries in which the `storage.objects.delete` method is invoked. The runbook outlines the investigation process: assess the user's behaviour, analyse the caller IP address, determine whether the deleted objects are recoverable (for example through object versioning or soft delete), and check the environment for other ransomware-related activity.
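The following is an added example, not the rule's own source code, showing how a Panther-style Python rule can express the detection described above: a `rule()` that matches `storage.objects.delete` entries in GCP Audit Logs, a `dedup()` key that groups matches per principal, and a small in-memory counter that mirrors the 10-event threshold. The field paths (`protoPayload.methodName`, `protoPayload.authenticationInfo.principalEmail`, `protoPayload.requestMetadata.callerIp`) follow the GCP Audit Log format; the `evaluate()` helper and all sample events are constructed for the demonstration.

```python
"""Added example of a bulk GCS object deletion detection in Panther rule style.

Not the project's own rule. Panther applies the threshold and dedup window from
the rule's YAML metadata; the evaluate() helper below only simulates that so the
logic can be run offline over constructed GCP Audit Log events.
"""
from collections import defaultdict

DELETE_METHOD = "storage.objects.delete"
THRESHOLD = 10  # number of grouped matches at which an alert fires (as on the page)


def deep_get(event, *keys, default=None):
    # Walk nested dicts safely; audit log entries are deeply nested JSON.
    cur = event
    for key in keys:
        if not isinstance(cur, dict) or key not in cur:
            return default
        cur = cur[key]
    return cur


def rule(event):
    # One match per audit log entry that records a GCS object deletion.
    return deep_get(event, "protoPayload", "methodName") == DELETE_METHOD


def dedup(event):
    # Group matches by the acting principal so the threshold counts one actor's deletions.
    return deep_get(
        event, "protoPayload", "authenticationInfo", "principalEmail", default="<unknown>"
    )


def title(event):
    principal = dedup(event)
    caller_ip = deep_get(event, "protoPayload", "requestMetadata", "callerIp", default="<unknown>")
    return f"Bulk GCS object deletion by {principal} from {caller_ip}"


def evaluate(events, threshold=THRESHOLD):
    """Return {principal: deletion_count} for principals at or above the threshold.

    Constructed stand-in for Panther's Threshold/DedupPeriodMinutes handling.
    """
    counts = defaultdict(int)
    for event in events:
        if rule(event):
            counts[dedup(event)] += 1
    return {principal: n for principal, n in counts.items() if n >= threshold}


def make_event(method, principal, caller_ip, object_name):
    # Constructed minimal GCP Audit Log entry (not a real captured log line).
    return {
        "protoPayload": {
            "methodName": method,
            "authenticationInfo": {"principalEmail": principal},
            "requestMetadata": {"callerIp": caller_ip},
            "resourceName": f"projects/_/buckets/example-bucket/objects/{object_name}",
        },
        "resource": {"type": "gcs_bucket"},
    }


# Constructed sample: one service account deletes 12 objects (should alert),
# a user deletes a single object (below threshold), and one read (no match).
SAMPLE_EVENTS = (
    [
        make_event(DELETE_METHOD, "svc-backup@example.iam.gserviceaccount.com",
                   "203.0.113.5", f"file-{i}.bin")
        for i in range(12)
    ]
    + [make_event(DELETE_METHOD, "alice@example.com", "198.51.100.7", "old-report.pdf")]
    + [make_event("storage.objects.get", "alice@example.com", "198.51.100.7", "report.pdf")]
)

if __name__ == "__main__":
    for principal, count in evaluate(SAMPLE_EVENTS).items():
        print(f"ALERT: {count} deletions by {principal}")
```

Grouping on the principal rather than on the bucket is a deliberate choice here: it keeps a legitimate lifecycle job and an adversary acting with a stolen credential from being counted together, and it makes the alert title point straight at the identity and caller IP the runbook asks you to investigate first.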
Categories
  • Cloud
  • GCP
  • Infrastructure
Data Sources
  • Group
  • Application Log
  • Cloud Service
ATT&CK Techniques
  • T1485
Created: 2026-01-06