Machine Vs Machine: A Look at AI-Powered Ransomware

Cyber-crime is a fast-growing industry because it’s a simple way for nefarious people with computer skills to make money. Ransomware in particular has been an ongoing security nightmare for the last couple of years, with attacks like WannaCry, which infected about 400,000 computers in 150 countries, making headlines for their ability to fuel fears about the vulnerability of data. Ransomware has gone from the 22nd most common form of malware to the 5th most prevalent type.

According to a recent survey from Sophos, 54 percent of surveyed companies reported having been hit by a Ransomware attack in 2017. Another 31 percent expect it to happen again in the near future. The data collected indicated that the average cost of a single Ransomware attack (including downtime, manpower, and network costs) was $133,000. Five percent of the respondents reported total costs of up to $6 million, exclusive of the ransom paid.

Ransomware is not necessarily more dangerous or trickier than other forms of malware that find their way into your computer, but it can definitely be more aggravating, and oftentimes devastating. As concerns around the weaponized use of Artificial Intelligence (AI) rise, one can’t help but imagine what an AI-powered Ransomware attack would look like.

An AI-driven Arms Race

While some analysts tout AI as the key to overcoming security gaps within the enterprise, it’s actually a double-edged sword. As the maturity and abilities of AI, machine learning, and natural language processing improve, an arms race between security professionals and hackers is on the horizon. Researchers and security firms have been using machine learning models and other AI technologies for some time to better forecast attacks and to identify ones that are already underway.

It’s highly probable that criminal collectives and hackers will use the technology to strike back. Security experts surmise that once AI development reaches consumer-level adoption, cases of its use in malicious attacks will skyrocket. Ultimately, malware authors may begin creating machine learning models that learn from disruption detection models and defensive responses, and that exploit new vulnerabilities quicker than defenders can patch them.

According to a 2018 McAfee Labs threats predictions report, the only way to win the ensuing arms race is to “effectively augment machine judgment with human strategic intellect”. Only then will companies be able to understand and anticipate the patterns of how the attacks will play out.

AI-driven Ransomware Attacks

AI-driven Ransomware is capable of turbo-charging the risks associated with an attack by self-organizing to cause maximum damage and moving on to new, more lucrative targets. Attackers can utilize artificial intelligence to automate multiple processes, mainly in the areas of targeting and evasion.

  • Intelligent Targeting – Phishing remains the most popular method of distributing Ransomware. Machine learning models are capable of matching humans at the art of drafting convincing fake emails, and they can create thousands of malware-loaded fake messages at a much faster pace without tiring. Much like a human, a machine learning model with the right ‘training data’ about a target could constantly change the words in a phishing message until it finds the most effective combination, ultimately tricking the victim into clicking anything or sending personal data. By going through your correspondence and learning how you communicate, messages crafted by an AI will easily bypass spam filters, and then mimic you in order to infect other unsuspecting targets.
  • Intelligent Evasion – AI has the ability to make destructive hacks far less visible. An ML model can be used to hide a Ransomware attack by manipulating the system and disabling any active security measures. In this age of IoT, a self-targeting, self-hunting malware attack could easily hijack IoT endpoints, manipulate data, and simultaneously infect millions of systems without ever being detected.

AI-driven Cyber Security

As more advancements are made in the field of artificial intelligence, it will become more accessible and will inevitably be used for ill. However, the upside is that the use of intelligent agents in cybersecurity services and applications offers adequate and effective protection against incoming Ransomware and other related threats.

  • Early detection – Mainstream anti-malware and anti-virus products identify malicious software by matching it against a database containing digital signatures of identified malware. Machine learning enables the creation of a continually vigilant system that is capable of making decisions on the fly, based on complex algorithms and computational formulas. As more data is collected, the system learns by experience, effectively preventing attacks by stopping the payload at download. And in the event it was successfully downloaded onto an endpoint, the additional steps of running exploits and running scripts and attacks in memory can be stopped.
  • Effective Monitoring – Since AI has the ability to automate and self-learn, it significantly raises the effectiveness of guarding systems from attacks. The proactive nature of a machine learning model allows it to anticipate attacks by monitoring glitches and patterns related to malicious content. A heuristic analysis can be performed to determine whether the behavior being observed is more likely to be malicious or legitimate, thus reducing the number of false positives or misdiagnoses. ML capabilities guarantee that any results that slip through are used to improve the system during subsequent monitoring.
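
The contrast drawn in the two points above, as an added example that is not part of the original article: an exact-hash signature lookup misses a sample that differs by a single byte, while a heuristic score over a process's file activity still flags it and leaves an ordinary editor alone. The event format, the three signals, their weights, and the 0.6 threshold are assumptions chosen for illustration, and all sample data is constructed.

```python
import hashlib
import math
from collections import Counter

# Constructed signature database holding the hash of one "known" sample.
KNOWN_BAD = {hashlib.sha256(b"constructed-known-sample").hexdigest()}

def signature_match(payload: bytes) -> bool:
    """Signature check: exact hash lookup against already-identified malware."""
    return hashlib.sha256(payload).hexdigest() in KNOWN_BAD

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted output approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def heuristic_score(events) -> float:
    """Score 0..1 from (op, path, data) file events; weights are assumptions."""
    writes = [e for e in events if e[0] == "write"]
    if not writes:
        return 0.0
    high_entropy = sum(entropy(e[2]) > 7.0 for e in writes) / len(writes)
    renames = min(sum(e[0] == "rename" for e in events) / len(writes), 1.0)
    spread = min(len({e[1].rsplit("/", 1)[0] for e in writes}) / 3, 1.0)
    return round(0.5 * high_entropy + 0.3 * renames + 0.2 * spread, 2)

def verdict(payload: bytes, events, threshold: float = 0.6) -> str:
    """Signature first, then behavior, as two layers of one decision."""
    if signature_match(payload):
        return "block:signature"
    if heuristic_score(events) >= threshold:
        return "block:behavior"
    return "allow"

# Constructed traces: one process rewriting files with cipher-like data across
# several directories and renaming them, one editor saving a text file.
CIPHER_LIKE = bytes(range(256)) * 4              # entropy exactly 8.0
TEXT_LIKE = b"quarterly report draft\n" * 40
SUSPECT = [ev for d in ("docs", "photos", "finance") for ev in (
    ("write", f"/home/u/{d}/file1", CIPHER_LIKE),
    ("rename", f"/home/u/{d}/file1", b""))]
EDITOR = [("write", "/home/u/docs/report.txt", TEXT_LIKE)]

if __name__ == "__main__":
    variant = b"constructed-known-sample\x00"    # one byte off the known sample
    print(signature_match(variant), verdict(variant, SUSPECT))
    print(verdict(b"editor-binary", EDITOR), heuristic_score(EDITOR))
```
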

Not all AI solutions are created equal. Despite the looming threat of a weaponized AI-driven attack, the key takeaway should be that prevention is possible. And as much as AI can be used to prevent Ransomware, the fight against malware threats is not all about software and security mechanisms. The first point of contact between the perpetrators and victims is usually a baited email. A lack of security awareness on the victim’s part is a huge part of the equation. In the fight of machine vs machine, the human element plays a crucial role. Measures to increase enterprise knowledge of the best practices to adopt and the tricks to avoid have to be included in the overall defensive strategy.

Author: Gabriel Lando