Fighting machines with machines: how to beat ransomware

 

With great connectivity comes great opportunity for attackers and defenders alike. Modern businesses are working more flexibly from increasingly remote corners of the globe and, in doing so, expose themselves to a wealth of malicious activity.

Corporate security teams are faced with novel, sophisticated threats every day but frequently lack the resources to keep up.

However, developments in mathematics and machine learning have the power to revolutionise the cyber security industry in response to the escalating cyber challenge.

These cyber issues are only getting worse. In this new age of threat, one of the most punishing and shockingly brazen attack vectors is ransomware.

A variant form of malware spread for financial gain, ransomware encrypts company files and then demands payment to unlock them. Such attacks move quickly, encrypting multiple files, documents and data in minutes.

>See also: The evolution of ransomware: what lies ahead?

Ransomware is usually delivered through a malicious email attachment, visiting compromised websites, or a security gap in the network, in which the malware will typically seek to spread throughout a network by infecting other files.

Once a malicious attacker has encrypted company data, it is practically impossible to decrypt the files and reverse the damage – unless data backups exist – and once lost, they are lost forever.

Cases of ransomware have surged since it first appeared in the early 2000s. In March 2016 alone, Darktrace discovered 41 ransomware incidents in its customer networks. This is compared to 13 reports of ransomware in February 2016 and a mere 6 in the previous month.

Once ransomware has infected a network, criminals can name their price, asking for £1 million at 9am and £5 million by noon – no time for a mid-morning coffee break.

In 2015, a strain of ransomware called CryptoWall cost users £325 million, which would mean ‘game over’ for most businesses. Even if the thieves do not demand payment, the encryption process may still have corrupted files and caused thousands of pounds worth of data to be lost.

With limited response times and no way out, organisations have no choice but to pay the extortionate demands. Government intelligence agencies like the FBI find themselves permanently a step behind, arriving at the scene long after the crime has been committed and unable to recommend an alternative to giving-in to the demands.

What’s more, it’s not only the crippling cost of ransomware that is detrimental to a company, but the inherent loss of control. Trust and reputational damage can serve the heaviest blow to business, even if a breach turns out to be much less severe than first thought.

Ransomware tomorrow

From iWatches to driverless cars, tech innovators are experimenting with every aspect of our lives and trends are catching fast. However, in the race for bigger, better and smarter, something has to give – and too often it’s security.

>See also: How to minimise the impact of ransomware

We can imagine the concerning consequences this could have in sectors such as healthcare. Modern hospitals are becoming digital jungles. As well as vast databases storing lifelong histories of patient data, today lives depend on machinery working effectively for diagnosis and treatment.

So what if this equipment were compromised? We cannot rule out the possibility of hackers attacking these device – for example, taking down an MRI scanner for a few hours could cost both money and lives.

Businesses need to step-up their defences. With an immune system approach, ransomware attacks can be identified before the encrypting begins. New technologies can use machine learning to spot novel threats in real time, and execute an automated response to isolate them quicker than any security team can.

By blocking connections that are seen and understood to be out-of-character for a given network, a machine response can prevent the spread of malware without interrupting day-to-day business operations.

 

Sourced from Andrew Tschonev, cyber security specialist, Darktrace

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics

Machine Learning
Ransomware