AI and ransomware: cutting through the hype

June 2024 AI & Data Analytics, Information Security

Rick Vanover

It might be the great paradox of 2024: artificial intelligence (AI). Everyone is bored of hearing it, but we cannot stop talking about it. It is not going away, so we had better get used to it. AI is disrupting most digital industries, and cybercrime is no exception.

However, cutting through the hype and getting to the facts is worth it. Much has been made of AI's potential impact on the global ransomware threat, but how much does it really change the picture?

While the future potential of AI, on cybercrime and society in general, is immense (and a little scary), it is more helpful to focus on the here and now. Currently, AI is just another tool at threat actors’ disposal, but it is quite a significant one because it lowers the barrier to entry for criminals. The UK’s National Cyber Security Centre recently warned how AI will increase the ransomware threat through supporting “reconnaissance, phishing and coding”.

Using AI to assist with coding is already common among legitimate programmers. Even if it is just reviewing broken code or answering specific questions faster than Google, AI will support people hacking systems just as much as those developing them. While this might make ransomware gangs’ lives easier, it will not make things any worse for security teams. The result has not changed; depending on who you ask, the end product might even be worse.

However, the other current use cases are more consequential. AI algorithms can scan networks or environments to map architecture and endpoints and, crucially, spot vulnerabilities. Threat actors will already do this manually, but AI will make it much easier and more effective. AI can also be used to automate information gathering for more targeted attacks. These tools can scrape the internet (particularly social media) to collect as much information on a target as possible for phishing and social engineering.

This brings us to the last typical use of AI by cybercriminals. In a conversation where the hype is aplenty, describing AI as ‘supporting phishing’ is probably underselling it. At its most basic, even the most readily available AI tools can be used to craft better phishing emails – bridging the language barrier that often makes such scams spottable. That is another example of AI improving malicious activity that already exists, but the voice cloning (deepfakes) of specific people is another entirely different thing. When combined with automated information gathering on a target, we are looking at the next generation of social engineering.

What it means for security

While cybercriminals having more tools at their disposal is never going to feel great, there are two things to bear in mind: one, security teams have access to these tools as well, and two, AI is going to make attacks more sophisticated and effective. For now, it is not introducing any brand-new or entirely novel threats, so there is no need to tear up the playbook.

AI is already used on both sides of the battle line. It is probably fair to say that while ransomware gangs have access to their dark marketplaces of solutions and services, we ‘normies’ have access to far more. The ransomware industry was valued at $14 billion as of 2022, but the global security industry makes this look tiny when comparing it to its $222 billion.

On the security side, AI can be used for behavioural analytics, threat detection and vulnerability scanning to detect malicious activities and risks. AI can be employed to monitor both the system itself (scanning for vulnerabilities and entry points) and activity on the system (behavioural analytics, data analysis, etc.). AI-enabled security aims to predict and catch threats before they turn into breaches. More advanced tools will automatically respond to these threats, alerting security teams or restricting access. Much like on the criminal side, most of these concepts exist now (such as firewalls and malware detectors), but AI is making them more efficient and effective.

You cannot beat basic principles

So, even though AI will be used on both sides, it is not a case of getting AIs to battle each other in the cyber-realm (although that does sound cool.) Ransomware is not changing (for now, at least), and attackers' tactics are not transforming. Digital hygiene and zero trust all still work. Security will need to keep up, sure. After all, social engineering only needs to work once, but ransomware prevention and resilience need to work every time.

Ultimately, the best practice remains the best practice. As AI-enabled ransomware becomes more common, having copies of your data becomes more critical than ever. When all else fails – you need backup and recovery. All of these scary scenarios, even the most advanced phishing attack known to man (or machine), could all end up with – ‘thank God I had trusted backup and recovery’.

Backup is your last line of defence, so you must know you can rely on it. Again, the best practice has not changed here. You need multiple copies of your data, one offline and one off-site. You also need a well-rehearsed recovery strategy, including scanning backups for infection and setting up a recovery environment that is ready to rock.

It is less daunting than it seems. AI is not changing the game – it is just a natural progression. Progression is the game's name in cybersecurity – you cannot do everything, but you should do something. The basic principles still get you pretty far, so keep following those, keep up to date on best practices, and make sure you can trust your backup when all else fails.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Latest AI solution to manage guards
DeepAlert Products & Solutions Surveillance AI & Data Analytics
No guard at the guardhouse? Guard under duress? Guard asleep? DeepAlert’s AI technology delivers real-time alerts to mobile phones and video management systems, helping you manage your guards more effectively.

NEC XON shares lessons learned from ransomware attacks
NEC XON Editor's Choice Information Security
NEC XON has handled many ransomware attacks. We've distilled key insights and listed them in this article to better equip companies and individuals for scenarios like this, which many will say are an inevitable reality in today’s environment.

Responsible AI in security
DeepAlert AI & Data Analytics
As AI continues to revolutionise the field of video surveillance, it is crucial to carefully weigh its benefits against the ethical and legal considerations that have been raised by individuals and organisations around the world.

On-camera AI and storage create added benefits
Elvey Security Technologies AI & Data Analytics Surveillance IoT & Automation
The days of standalone security systems are long past, and the drive is now to educate system integrators, installers, and end users on the return on investment that can be derived from intelligent, integrated BMS, IoT and security systems.

Artificial intelligence on the edge
Axis Communications SA Surveillance AI & Data Analytics
In the world of video surveillance, one of the primary benefits of edge computing will be the ability to undertake advanced analytics using artificial intelligence (AI) and deep learning within cameras themselves.

Analytics verifies shipments and reduces complaints
Intelligent Security Systems AI & Data Analytics
One of America’s largest poultry producers, which provides a wide range of frozen and fresh chicken products to supermarkets across the US, deployed solutions from ISS to mitigate against losses.

Cybersecurity and AI
AI & Data Analytics Information Security
Cybersecurity is one of the primary reasons that detecting the commonalities and threats of what is otherwise completely unknown is possible with tools such as SIEM and endpoint protection platforms.

Data security and privacy in global mobility
Security Services & Risk Management Information Security
Data security and privacy in today’s interconnected world is of paramount importance. In the realm of global mobility, where individuals and organisations traverse borders for various reasons, safeguarding sensitive information becomes an even more critical imperative.

Sophos celebrates partners and cybersecurity innovation at annual conference
News & Events Information Security
[Sponsored] Sun City hosted Sophos' annual partner event this year, which took place from 12 to 14 March. Sophos’ South African cybersecurity distributors and resellers gathered for an engaging two-day conference.

Re-imagining business operations with the power of AI
AI & Data Analytics Surveillance
inq., a Convergence Partners company, has introduced a range of artificial intelligence (AI) solutions to assist organisations across industry verticals in optimising business operations and improving internal efficiencies.