Could Artificial Intelligence Solve the Ransomware Epidemic?

img blog artificial intelligence
Ransomware is one of the oldest attack methods on the web. The emergence of artificial intelligence in the security space could be key to defeating it.

To say that modern security teams face a daunting landscape would be putting it lightly. 

In the wake of the pandemic, cyberattacks are at an all-time high. Ransomware, especially, has experienced a surge in popularity and prevalence. The emergence of ransomware-as-a-service coupled with an increasing tendency to target healthcare and the public sector has set a troubling precedent. 

We’ve already seen echoes of what could happen if this trend is allowed to proceed unchallenged. As reported by NBC News, ransomware is alleged to have directly led to an infant’s death in 2020. And in 2019, the entirety of Baltimore came screeching to a halt as multiple systems were locked down by ransomware

One can only imagine the consequences of a ransomware attack on the U.S. power grid or similar critical public systems. 

The problem is that fighting this epidemic is anything but simple. There are only so many hours in a day and only so many security specialists to go around. Particularly within a larger organization, it’s next to impossible for a single person — or even a single team — to keep pace with the cadence of attacks and intrusion attempts.

Machine learning could be the answer. 

Through the use of artificial intelligence, businesses can construct something akin to a digital immune system. Rather than requiring security teams to maintain a constant vigil around their systems, AI-based defenses would establish a baseline for what constitutes normal network activity. The moment anything occurs outside that baseline, it’s flagged — and, depending on configuration, quarantined until it can be evaluated.

In addition to easing the burden on security personnel, an AI-driven approach has another noteworthy advantage over traditional systems — it doesn’t rely on definitions. 

This is arguably one of the most significant weaknesses of traditional antivirus software. It’s designed to recognize the unique signature of a particular type of malware. If a particular piece of ransomware is new-to-market, said signature will not exist in the antivirus’s library, rendering it incapable of recognizing the threat. 

Rather than relying on definitions, AI focuses on behavior. However complex ransomware might have become, it ultimately always follows a similar pattern. By identifying that pattern, a digital immune system can isolate infected systems before the infection has an opportunity to spread. 

It’s not all smooth sailing, though. Just as security teams can leverage AI to better protect them against cyberattacks, so too can cybercriminals utilize AI to uncover new vulnerabilities and attack vectors. If it sounds like we’re on the verge of another arms race between white hats and black hats, that’s because we are. 

But at least in the short term, AI and ML provide a compelling solution to an all-too-prevalent problem.