How to defend your business against AI-powered ransomware
In November 2023, the Australian Government published the Australian Cybersecurity Strategy 2023 – 2030, its roadmap for improving cyber security, managing cyber risks and better supporting citizens and businesses in the fight against cybercrime. The need to address the threat and impact of ransomware features prominently.
This is not surprising. Our own latest research shows that one in three (31%) of the Australian organisations surveyed had been hit with ransomware in the last 12 months – and a further 39% had fallen victim to two or more ransomware attacks. That's 70% overall. Further, well over half of those impacted, 58%, paid the ransom.
Whether this was to speed up recovery, restore encrypted data or protect stolen data from being publicly exposed, we don't know – but the Strategy's stated goal of disrupting the ransomware attackers' (profitable) business model seems out of reach for the time being.
Ransomware continues to be the most acute cyber threat faced by businesses and organisations across Australia, and it's a problem that artificial intelligence (AI) will exacerbate.
To date, the volume and intensity of ransomware attacks have been constrained by a lack of attacker skills, resources and the volume of work required to develop or implement the tools needed to launch a successful ransomware attack. With AI in the picture, however, many of these limitations are lifted. AI lowers the entry bar for attackers, enabling relatively unskilled threat actors to carry out more effective targeting, access, and distribution operations. This will drive an increase in the ransomware threat over the coming years.
Attackers can use AI to automate time-consuming activities and optimise existing procedures. This includes trawling the internet and social media for potential targets, crafting convincing phishing emails, and then sending these out in higher volumes and at greater speeds.
The traditional approach to detecting suspicious emails, by scanning for language, grammar, and spelling anomalies for example, is effectively undermined by AI.
Other AI-based tools that will aid ransomware activities in the medium term include being able to write and revise malicious code more easily and faster. This also means that cybercriminals can use less experienced staff to build attacks.
Fortunately, it's not all bad news. AI can also be very effective in preventing AI-enabled attacks.
How to protect your business from AI-based ransomware attacks
As ransomware attacks become more sophisticated, AI tools are becoming more effective at detecting and mitigating these threats. To protect your organisation, you need to fight fire with fire by leveraging AI technology to detect, prevent, and recover from ransomware.
Here are some best practices to consider:
1. Protect your email from phishing by using AI to help detect phishing emails — before they even hit your employees' inboxes. AI technology can leverage machine learning models to scan through massive amounts of data in real-time to identify suspicious activities or patterns. This includes detecting malicious file attachments or other indicators of compromise (IOCs) hidden within emails before they can cause damage to the network.
2. Protect your web applications. Your web applications are at risk if you have any web forms — you don't need to have an e-commerce site to be at risk. These applications can be at risk from attacks by bots acting like humans to evade detection, unprotected APIs, credential stuffing and brute-force attacks. You need a web application firewall that can detect and protect with continuous machine learning to keep ahead of the AI that attackers are now using.
3. Protect your credentials. Zero Trust can add additional levels of security. It ties user credentials to a trusted device so that an attacker who has a stolen username/password will not be able to get network access.
4. Employee training. Training employees on how to recognise suspicious emails and attachments can go a long way in preventing successful phishing attacks that can lead to ransomware infections. AI can be used to improve your training so that it is more effective by identifying the employees most at risk and modelling attacks for employees so that they can recognise the latest methods before it's too late.
5. Regular backups. It is essential to ensure that you have a regular backup schedule for all important data and keep those backups separate from the organisation's central network so that you can recover from ransomware attacks. Your backups should also be well-protected with end-to-end encryption and strong access controls.
6. Employ AI-security solutions. Leveraging AI-based security solutions such as XDR can help detect and respond to ransomware attacks in real time. With XDR, AI attacks can be detected in hours where it might take weeks or months without AI-powered detection.
7. Keep software and systems patched. Always ensure that your organisation's software and systems are updated with the latest patches to minimise vulnerabilities.
Conclusion
AI technology has significantly impacted ransomware by making the attacks more effective and increasing the volume of the attacks. With AI-enabled cybersecurity solutions, companies can mitigate the risks of ransomware attacks and minimise the impact they may have. Adopting a multi-layered approach to ransomware will help businesses protect their reputation, customers, and bottom line.
To get additional insights about the current ransomware threat landscape and what you can do to safeguard your data from bad actors putting AI to use for new and more damaging attacks, check out our e-book "This changes everything: Ransomware in the age of AI."