Evolving Ransomware Demands an AI-powered Threat Detection and Response System
The free flow of information cuts both ways. It enables commerce, but it equally enables the criminal branches of commerce, and as a result evolved ransomware is one of the most dangerous threats on the internet today. It’s a low-cost, high-profit model — and the threat is evolving to keep up with changes in how we work.
Ransomware gangs and their associates are in the business of making money and have an ROI mindset. Groups and individuals learn new techniques, capitalising on their ability to gain access to systems and data, and either steal it, ransom it and return it, or simply encrypt it and charge for the key.
Ransomware’s latest variations actively examine the network for shared files on servers and computers to which the compromised host has access privileges, then spread from one device to a large number of others.
Because of the operational downtime and data loss caused by ransomware encrypting file shares, attacks become incredibly costly. When a company is targeted by a ransomware attack, it’s an all-hands-on-deck situation that necessitates urgent action to recover systems while business operations are held hostage.
When the target is a cloud service provider, and the systems encrypted are those of its customers, the downtime gets even worse. In 2019, ransomware attacks affected cloud hosting companies DataResolution.net and iNSYNQ, preventing over 30,000 clients from using their services.
In the same year, ransomware evolved from opportunistic to targeted attacks on businesses willing to pay a higher ransom to regain access to their files. And yet companies seem to continue to pay up – rarely admitting doing so – with an evident rise in the amounts demanded.
Network file encryption in ransomware
Documents saved in shared volumes are often thought of as “backups”, yet they are frequently the sole copy of the information, kept there to enable better productivity when sharing information for teamwork (especially important for mobile workers).
With access to documents in network shares, a single host can lock access to documents across multiple departments in a targeted organisation thanks to high-capacity data storage.
There’s also the deep integration with many cloud services that’s abstracted away from the user, yet highly attractive to attackers. Cloud-based integrated file-sharing services, to take a single example, allow local attacks to spread out into shared resources hosted anywhere. And the more these services are integrated (“log in with your Google account credentials”), the greater the scope for potential damage to the enterprise at large.
That goes some way to explain why, according to , the numbers of attacks may be declining: fewer attacks, sure, but increasingly effective, lucrative and impactful as methods evolve.
The fact that the total number of detections is decreasing does not indicate that businesses should relax and not take any safety measures. Whether it’s needed investment in extra backups, loss of reputation, loss of IP or interruption to business, ransomware is very, very expensive, and in some cases, terminal.
How Vectra AI addresses ransomware
Ransomware’s evolution has moved the technology away from broad, automated spray-and-pray attacks and toward highly focused, human-driven attacks. These new ransomware generations frequently rely on stolen credentials to gain privileged access. Identity-based threats are invisible to signature-based safeguards, at least until the payload drops and code running on the victim begins to exhibit atypical behaviour.
If ransomware evolves, so must your detection and response. AI is ideally suited here to detecting hidden and unknown attackers in real time, allowing for quick, decisive action. Machine learning algorithms that detect anomalies can raise red flags early, helping companies isolate potential infections before the encryption payload spreads laterally.
The Vectra AI platform looks for telltale symptoms of a ransomware compromise, such as reconnaissance, lateral movement, and command and control in network traffic that includes packets from and to cloud and IoT devices.
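The behaviour described in the section on network file encryption (one host touching documents across many departmental shares) and the telltale symptoms listed above can be turned into a simple behavioural rule. The following is an added illustration, not Vectra AI code: it reads constructed SMB-style audit records and flags any source host whose write/rename activity inside a sliding window spans an unusually large number of distinct files and distinct shares. The log format, the host and share names, and the thresholds are all assumptions made for the example.

```python
"""Behavioural detector for mass file-share modification by a single host.

Added example (not Vectra AI's own code). Input lines follow a constructed
format: "<ISO-8601 timestamp> <source host> <operation> \\\\server\\share\\path".
Thresholds below are illustrative assumptions, not vendor-tuned values.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)   # assumption: look-back window per host
MAX_FILES = 50                   # assumption: distinct files written/renamed per window
MAX_SHARES = 3                   # assumption: distinct shares touched per window


def parse_line(line):
    """Split one constructed audit line into (ts, host, op, share, path)."""
    ts_s, host, op, unc = line.split(" ", 3)
    ts = datetime.fromisoformat(ts_s)
    server, share, path = (unc.lstrip("\\").split("\\", 2) + [""])[:3]
    return ts, host, op, "\\\\" + server + "\\" + share, path


def detect(lines):
    """Return [(host, ts, distinct_files, distinct_shares)] for each burst that
    exceeds both thresholds inside WINDOW. Reads only WRITE/RENAME operations."""
    events = defaultdict(deque)  # host -> deque of (ts, share, path)
    alerts = []
    for line in lines:
        ts, host, op, share, path = parse_line(line)
        if op not in ("WRITE", "RENAME"):
            continue
        q = events[host]
        q.append((ts, share, path))
        while q and ts - q[0][0] > WINDOW:   # drop events outside the window
            q.popleft()
        files = {(s, p) for _, s, p in q}
        shares = {s for _, s, _ in q}
        if len(files) >= MAX_FILES and len(shares) >= MAX_SHARES:
            alerts.append((host, ts, len(files), len(shares)))
            q.clear()   # one alert per burst; do not re-fire on every event
    return alerts


def sample_log():
    """Constructed audit lines: a benign host editing a few finance documents,
    and a second host rewriting sixty files across four departmental shares
    within thirty seconds."""
    t0 = datetime(2024, 5, 1, 9, 0, 0)
    lines = []
    for i in range(5):   # benign: one share, five files, one per second
        lines.append(f"{(t0 + timedelta(seconds=i)).isoformat()} ws-07 WRITE "
                     f"\\\\fs01\\finance\\q2\\report{i}.xlsx")
    shares = ["finance", "hr", "legal", "engineering"]
    for i in range(60):  # suspicious: round-robin across four shares, 2 ops/sec
        ts = t0 + timedelta(seconds=i * 0.5)
        lines.append(f"{ts.isoformat()} ws-42 RENAME "
                     f"\\\\fs01\\{shares[i % 4]}\\dept{i}\\doc{i}.docx")
    return lines


if __name__ == "__main__":
    for host, ts, n_files, n_shares in detect(sample_log()):
        print(f"ALERT {ts.isoformat()} {host}: {n_files} files across "
              f"{n_shares} shares inside {WINDOW.seconds}s")
```

The rule needs no signature of the payload: it keys on the effect a share-encrypting host has on the network (many files, many shares, short time), which is exactly the kind of behavioural signal the paragraph above refers to. In production the thresholds would be learned per host or per share from a baseline rather than fixed, and the alert would feed an isolation action for the offending host.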
Vectra AI is the solution that can see and stop ransomware before it can hurt you. Click here to find out more.