AI and ransomware: a scary combination

by Daniel Weatherly ([email protected]) 1,000 views 

Artificial intelligence (AI) is disrupting the modern world and most notably in the digital sphere. The cybercrime threats that have existed in the digital world have become more powerful and harmful because of AI.

For example, ransomware is used by hackers to lock up your computer files and then demand money to release them and ransomware attacks frequently start with a fake, or “phishing”, email that tricks a computer user into clicking on a link or opening an attachment to deliver the malicious ransomware.

Cybercriminals are now using AI to better target people and organizations and to create more realistic-looking emails to fool users into taking harmful actions. Thanks to AI, hackers can create more personalized emails that are even more authentic looking than ever. AI is even being used as camouflage against traditional antivirus programs, making it harder for detection tools to stop attacks.

Let’s look at some of the scary threats that are being created with AI.

Phishing and Social Engineering: The next time you receive an email that looks like it’s from someone you know, it could be a hacker who’s trying to steal your information. By gathering data about you from the internet, they can send you personalized phishing emails to trick you into believing the email is legitimate and getting you to click on harmful links or divulge personal details. Thanks to AI, these fakes are more authentic looking; forcing all of us to be more vigilant and to use an abundance of caution in double-checking emails.

Automated Spear Phishing: AI can be used to automate targeted attacks on specific people or groups by using machine learning to learn about the targets and create tailor-made emails for each victim, at scale. By launching larger scale attacks, more people are reached, increasing the chances for success. Cybersecurity awareness and safe email handling training is essential to combat this new generation of phishing attacks.

Polymorphic Malware: AI can be used to change the code and behavior of malware so that it can hide from traditional antivirus software. This makes it very challenging for your computer’s traditional anti-malware defenses to catch and remove the malware. Newer behavior-based detection tools, known as Endpoint Detection and Response (EDR) software is an increasingly necessary mechanism to combat these AI-driven evolving attacks.

Enhanced Encryption: Ransomware uses encryption to lock up your files and AI is used to create even stronger and more complex encryption to make it harder for cybersecurity experts to crack the code and unlock your files without paying ransoms. A robust backup program incorporating immutability and air-gapping is a critical requirement to protect yourself and avoid paying ransom to get your files back.

Automated Attack Optimization: AI is used to analyze data from previous attacks to know what works best and optimize future attacks by targeting the most vulnerable victims, choosing the right time to strike and adjust ransom demands. Periodically scanning your systems for known vulnerabilities and consistently applying vendor-supplied patches decreases the attack surface; denying potential entry points for attackers using these orchestrated multi-pronged tactics.

AI technology has made ransomware attacks even scarier with more ways to deceive and harm people and organizations. You can better protect yourself and your data from these evolving threats by staying vigilant and proactive by remembering to:

• Train users to be cautious with emails and avoid clicking on suspicious links,
• Monitor for vulnerabilities and keep software and systems patched,
• Deploy EDR or MDR technology,
• Back up important files regularly using immutability and air-gapping, and
• Stay informed about cybersecurity best practices.

Editor’s note: Daniel Weatherly is Director of Security Services for Mainstream Technologies, Inc. The opinions expressed are those of the author.