The Potential Role of Artificial Intelligence in Fighting Ransomware

We won't see the singularity anytime soon. However, that doesn't mean AI is without merit — it could, for instance, prove invaluable in fighting ransomware.

Ransomware is getting worse. Per security provider Sonicwall, ransomware attacks increased by 62% in 2020, reaching 304 million worldwide. This number might not seem terribly concerning, taken in context — it still hasn’t topped the 638 million we saw in 2016. But quantity isn’t the only problem here. 

We don’t just see more ransomware attacks; ransomware is also becoming more sophisticated and challenging to defend against. In a pastiche of the businesses they’re targeting, some particularly enterprising criminals have begun to offer ransomware-as-a-service. And even in the case of ransomware that isn’t especially sophisticated, all it takes for a network to be infected is one person opening an attachment they shouldn’t. 

As reported by Aju Business Daily, the Korea Internet & Security Agency (KISA), South Korea’s Internet watchdog, believes the answer lies with artificial intelligence. Leveraging machine learning and big data, it seeks to develop an anti-ransomware system that corporations could use to protect themselves and their assets. Although the details aren’t yet entirely clear —the only thing KISA has stated publicly is that the system is in development —it appears as though it will play a preventative role. 

It’s hardly surprising that the agency is exploring AI as a potential solution. It has been clear for some time now that traditional, signature-based methods of protecting against malicious software are inherently flawed. It is also widely known that no matter how much training a business offers and no matter how frequently it coaches employees on mindfulness, there will always be at least one person who is careless with their email. 

But what exactly makes AI so valuable in this respect? 

Firstly, while no two bundles of malicious code are completely alike, they all display similar patterns and behaviors. A signature-based antivirus might ignore the activities of a worm if no definitions exist for it. On the other hand, an algorithmic AV solution would immediately see the virus for what it is and act accordingly. 

Ransomware, too, follows a set pattern, one which can be categorized and analyzed. 

There’s also the fact that the sheer volume of cyberattacks targeted at even a mid-sized business is simply too much for human actors to manage. For AI, this isn’t a problem. An algorithm doesn’t need to eat or sleep, nor can it be overwhelmed by intensive data processing. 

It can simply collect, analyze, and then provide security teams with the necessary insights. 

Finally, as reported by Bank Info Security, criminals are themselves leveraging artificial intelligence to help them more effectively target and execute their attacks. The result is an AI arms race, with security teams on one side and black hats on the other. Businesses that fail to mark this trend and start leveraging AI to protect themselves may well end up as targets.