Ransomware protection: How to identify attacks with NDR & AI

January 26, 2022
Steve Cottrell
Ransomware protection: How to identify attacks with NDR & AI

The first Trojan horse was sent on a floppy disk to research institutions around the globe in 1989. Since then, software attacks with an extortionist background have (unfortunately) been the norm for many companies. Malicious computer software, often disguised as completely harmless programs, have caused billions in damage to private users, businesses, and governments alike.

While Trojans, worms and other malware cause considerable damage to those affected, ransomware works even more insidious than other malware. This is due to its effective disguise and extortionate nature. Anyone who catches ransomware usually faces a total digital loss.

Turns out that AI-based software might be the solution. What escapes the human eye can be detected and combated by artificial intelligence. But how do you protect yourself from ransomware? And how can AI help to quickly locate the digital intruder in real time and render it harmless?

Ransomware: a race against time

In essence, the infiltration process for ransomware is similar to those known from other malware: the attackers gain access to computers and servers via a weakness in the network. Once the ransomware has established itself in the network, a race against time begins. Those affected are tasked with containing the damage as quickly as possible unless you want to be paying a ransom to get your data back. These days creators of ransomware also accept payment in form of Bitcoin, as WannaCry has famously showcased.

The particularly annoying thing for network admins is the irreversible damage caused by a ransomware infection. Therefore, a ransomware attack is often considered a major digital disaster. In 2020 alone, data theft, espionage and sabotage caused over 220 billion Euros in damage. On top of that, almost 88 percent of companies in Germany stated that they had been the target of a cyberattack. Effective ransomware protection is essential for every company and a challenge for the IT department. This also goes for every private individual, as recently more and more ransomware attacks are targeting private systems.

One key factor that makes defending against ransomware so difficult is the way the malware gains access into the system. It is not uncommon for the programs to hide behind relatively harmless names or in email attachments. On its way to infect important files, the ransomware typically bypasses any malware protection. Blaming users for opening emails and clicking on attachments is thus rather short-sighted.

Cyber criminals are becoming quite adept at their craft. In addition to fake emails, there are now numerous ways for ransomware to find its way into one's own network. At first glance, innovative technologies such as NFC seem like a great step forward, but they also represent another entry point for malware. As of now, there is no real effective way to block ransomware from entry. Instead, users are tasked with reacting to an infection.

How are end users and administrators expected to keep track of this? Until now, the fight against cybercrime has followed a rather consistent pattern: attackers create a new malware and deploy it. Security teams notice the suspicious activity and isolate the files in question. Afterwards, the clever minds of the cybersecurity division come up with an effective antidote to the digital pest. The result is usually a new rule or policy built into the firewall.

This mouse-and-cat game has been going on for more than three decades now. But what if AI-supported systems were able to detect these attacks in advance? What if automated anti ransomware tools could unmask malware at an early stage and combat them effectively - even before they can cause harm?

How NDR unmasks malicious ransomware attacks

This is the approach taken by NDR technology. Network Detection and Response (NDR) is a highly effective cybersecurity solution that automatically searches for unauthorized or suspicious network access. To achieve this, the NDR program uses machine learning. In doing so, it observes the activities and checks whether they match the usual behaviour pattern of the network.

The advantages for network operators and admins are obvious. The less time that must be invested in actively searching for data leaks or loopholes, the better. Moreover, once the damage is done, repairing it is not only labor-intensive, but also hard on money - and nerves. It is precisely this aspect of the work that AI-based NDR software is supposed to take over in the future. This should, in theory, relieve IT security officers and admins.

With the right configuration, NDR can provide effective ransomware protection. Often, the unauthorized accesses are recognized immediately after they occur. For this purpose, the software takes advantage of the behavioral patterns from the database: If an activity appears suspicious, the NDR software observes the following steps with a wary eye. As soon as potentially malicious behaviour is detected, the software raises an alarm: either by notifying the user or by automatically isolating the dubious guests.

Vectra offers innovative and effective software that detects and combats digital threats at an early stage. The ransomware solutions effectively protect companies and private individuals from fraudulent activities and preventively warn users of suspicious access. This way, your data is protected - and digital blackmailers don't stand a chance!