Machine learning and the fight against ransomware

Ransomware is everywhere. The number of emails carrying ransomware has risen 6,000 percent since 2015, and in 2016 some 40 percent of all spam emails had one of these malicious programs hidden within, according to IBM. Other reports highlight the sophistication of today's ransomware and its financial impact on the organizations that become victims. In short, it's all bad news. Or is it?

No, it isn’t all doom and gloom. New approaches like machine learning are blazing a trail in the fight against ransomware, and against malicious activity in general.

What is machine learning?

Machine learning is a branch of artificial intelligence that is moving into mainstream technology. It enables systems to learn and adjust their behaviour without being explicitly programmed for each case: as new data arrives, the system adjusts its processes according to what that data shows.

What does machine learning have to do with ransomware?

The industry applies machine learning to all kinds of systems and activities. It allows systems to become smarter and change their processes without human intervention. Capabilities of this kind may prove invaluable to cyber security. For many organizations, such a solution is just what's needed to guard against increasingly complex malicious threats. And companies need this help desperately.

In fact, even law enforcement isn't immune to ransomware. Naked Security recently reported on an incident involving a Texas police department, which lost eight years' worth of digital evidence after an employee clicked a malicious link in an email and the ransomware encrypted its files.

The attack affected every file on the department's connected server. Rather than pay the ransom, the FBI and the department's IT staff decided the best course of action was to wipe all affected files from the server, eliminating the ransomware along with them.

Could machine learning provide the answer?

Machine learning could be the next best weapon in this cyber war. An AI system could slow the spread of the malicious program used to encrypt files. It could also block unauthorized access, reducing the overall impact of an infection.

Data mining scours data sets for patterns that help humans understand them. Machine learning works in a comparable way, using existing data to find patterns and then using those patterns to adjust its own actions.

Machine learning could provide the key to detecting ransomware attacks before they become too widespread. It could provide the opportunity for an organization to react ahead of malicious file encryption.

CERBER: Ransomware sidesteps machine learning protection

But hackers are quick to devise ways around new prevention tactics. Trend Micro reported earlier on a ransomware family whose latest variant has the ability to avoid detection by machine learning security solutions.

This infection family, dubbed CERBER, still arrives via a malicious email link like its ransomware predecessors, but it is one of the most advanced attacks seen yet. CERBER can identify the type of environment it is running in, such as a virtual machine or sandbox. It then checks for analysis tools and antivirus products: Task Manager, Wireshark and solutions from AVG, Kaspersky, Norton and Trend Micro. What's more, CERBER uses a separate loader that helps it evade machine learning solutions.

“The industry has created features to proactively detect malicious files based on features instead of signatures,” Trend Micro threat analyst Gilbert Sison wrote. “The new packaging and loading mechanism employed by Cerber can cause problems for static machine learning approaches. For example, methods that analyze a file without any execution or emulation.”

Ransomware protection in the age of machine learning

As Sison pointed out, this doesn't mean machine learning is of no value in protecting against ransomware. CERBER appears to be the first attempt to evade machine learning protection solutions, but the attackers' approach hasn't been perfected yet.

A layered anti-malware approach can better identify suspicious file packages. It can provide a strong safeguard against this type of malicious activity. “Solutions that rely on a variety of techniques, and are not overly reliant on machine learning, can still protect customers against these threats,” Sison explained.
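As an added illustration of the two points above, the script below contrasts a static, no-execution feature model with a behavioural layer that only sees what a sample does when it runs. It is not code from the article or from Trend Micro. Everything in it is constructed for the demonstration: the two "samples" are byte strings, the XOR "packing" is a toy stand-in for a loader's packaging mechanism, the model weights are hand-set rather than trained, the process-name keywords are assumed stand-ins for the products the article names, and the sandbox log lines are made up.

```python
import hashlib
import math
import re
from collections import Counter

# ---- Constructed samples (toy stand-ins, not real malware) -------------------
# PLAIN_PAYLOAD carries the static evidence a no-execution model keys on:
# file and crypto API names plus ransom-note strings.
PLAIN_PAYLOAD = (
    b"MZ\x90\x00This program cannot be run in DOS mode.\r\n"
    b"kernel32.dll CreateFileW WriteFile FindFirstFileW FindNextFileW MoveFileW\n"
    b"advapi32.dll CryptAcquireContextW CryptGenKey CryptEncrypt\n"
    b"YOUR FILES HAVE BEEN ENCRYPTED. Read README_DECRYPT.txt to recover them.\n"
    b"Send 1 bitcoin to the wallet below and reply with your ID.\n"
    b"Do not rename or modify encrypted files or they will be lost forever.\n"
    b".locked .encrypted ransom_note.txt *.docx *.xlsx *.jpg *.pdf\n"
)

def _keystream(length, key):
    """Hash-counter keystream; an assumed stand-in for whatever a packer uses."""
    blocks = (hashlib.sha256(key + i.to_bytes(4, "little")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def pack(payload, key):
    """Hide the payload behind a tiny stub; only the stub's imports stay visible."""
    stub = b"MZ\x90\x00kernel32.dll LoadLibraryA GetProcAddress VirtualAlloc\n"
    return stub + bytes(p ^ k for p, k in zip(payload, _keystream(len(payload), key)))

PACKED_PAYLOAD = pack(PLAIN_PAYLOAD, b"constructed-key")

# ---- Layer 1: static features (file analysed without execution) --------------
KNOWN_APIS = (b"CreateFileW", b"WriteFile", b"FindFirstFileW", b"FindNextFileW",
              b"MoveFileW", b"CryptGenKey", b"CryptEncrypt",
              b"LoadLibraryA", b"GetProcAddress", b"VirtualAlloc")
RANSOM_STRINGS = (b"ENCRYPTED", b"DECRYPT", b".LOCKED", b"RANSOM", b"BITCOIN")
STATIC_THRESHOLD = 0.5

def shannon_entropy(data):
    """Bits per byte: text sits around 4-5, encrypted or compressed data near 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def static_features(sample):
    """What a static model can see: strings survive in the plain file only."""
    return {
        "entropy": shannon_entropy(sample),
        "api_names": sum(sample.count(api) for api in KNOWN_APIS),
        "ransom_strings": sum(sample.upper().count(s) for s in RANSOM_STRINGS),
    }

def static_score(sample):
    """Hand-set weights standing in for a trained model's output probability."""
    f = static_features(sample)
    return (0.6 * min(f["ransom_strings"], 5) / 5
            + 0.3 * min(f["api_names"], 6) / 6
            + 0.1 * (1.0 if f["entropy"] > 7.0 else 0.0))  # entropy alone is weak

# ---- Layer 2: behaviour recorded by a sandbox run ----------------------------
# Keywords for the analysis tools and AV vendors the article says the sample looks
# for; the mapping to process names is an assumption for this example.
ANALYSIS_TOOL_KEYWORDS = ("taskmgr", "wireshark", "avg", "kaspersky", "norton", "trend")
LOG_RE = re.compile(r"event=(\w+)(?: name=(\S+))?(?: path=(\S+))?")

# Constructed sandbox logs (not real captures).
EVASIVE_RUN_LOG = """\
t=0.10 pid=4120 event=proc_enum name=explorer.exe
t=0.10 pid=4120 event=proc_enum name=wireshark.exe
t=0.11 pid=4120 event=proc_enum name=taskmgr.exe
t=0.11 pid=4120 event=proc_enum name=trendmicro-agent.exe
t=0.12 pid=4120 event=exit code=0
"""
ENCRYPTING_RUN_LOG = "\n".join(
    f"t=1.{i} pid=4120 event=file_rename path=C:/Users/a/Documents/report{i}.docx.locked"
    for i in range(6)) + "\nt=1.9 pid=4120 event=file_write path=C:/Users/a/README_DECRYPT.txt\n"
BENIGN_RUN_LOG = """\
t=0.10 pid=5008 event=proc_enum name=explorer.exe
t=0.20 pid=5008 event=file_write path=C:/Users/a/AppData/Local/app/settings.json
t=0.30 pid=5008 event=exit code=0
"""

def behavioral_indicators(log):
    """Indicators that survive packing, because the code must unpack to act."""
    probed, renamed_ext = set(), Counter()
    for line in log.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        event, name, path = m.groups()
        if event == "proc_enum" and name and any(k in name.lower() for k in ANALYSIS_TOOL_KEYWORDS):
            probed.add(name.lower())
        elif event == "file_rename" and path:
            renamed_ext[path.rsplit(".", 1)[-1]] += 1
    found = set()
    if len(probed) >= 2:
        found.add("probes_analysis_tools")
    if renamed_ext and max(renamed_ext.values()) >= 5:
        found.add("mass_rename_to_one_extension")
    return found

def layered_verdict(sample, run_log):
    """Either layer can convict; neither has to carry the whole decision."""
    reasons = ["static_model"] if static_score(sample) >= STATIC_THRESHOLD else []
    reasons += sorted(behavioral_indicators(run_log))
    return {"verdict": "malicious" if reasons else "clean", "reasons": reasons}

if __name__ == "__main__":
    for label, sample in (("plain", PLAIN_PAYLOAD), ("packed", PACKED_PAYLOAD)):
        print(label, static_features(sample), round(static_score(sample), 2))
    print(layered_verdict(PACKED_PAYLOAD, EVASIVE_RUN_LOG))
```

Running it shows the static score of the packed sample collapsing because the API names and ransom strings are no longer visible to a scanner that never executes the file; its entropy rises, but that is weak evidence on its own since legitimate packed installers look the same. The behavioural layer catches the same sample through what it does once running (probing for analysis tools, or renaming files en masse), which is the gap a layered approach closes.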

For that reason, it's important to vary the types of protection in place and use a multi-layered system to close any gaps in security. To find out more, contact Trend Micro today.
