Marilyn Wilkinson, March 2024

Ransomware and AI: Hype or Threat?

Artificial intelligence will “almost certainly” increase the volume and impact of cyber attacks in the next two years, according to a report from the UK government. Since tools like ChatGPT exploded into the mainstream in early 2023, AI is constantly in the headlines. But it’s not just hype: Various types of threat actors – state and non-state, skilled and less skilled – are using AI to carry out malicious activities. Let’s explore how cybercriminals are using AI and, more importantly, what we can do about it. 

How Ransomware Criminals Are Using AI

Ransomware is malicious software that enables hackers to infiltrate a company’s network. They encrypt the data, demand a ransom for its return, and often leak it on the dark web. These attacks can impact any kind of organization, and the average data breach costs $4.45 million.

Now, AI is supercharging ransomware campaigns, making them more targeted, harder to detect, and difficult to combat.

Here’s an overview of how criminals are using AI technology to launch attacks:

  • Ransomware-as-a Service Platforms

Ransomware as a Service (RaaS) platforms offer a subscription-based model that enables aspiring cybercriminals to launch a ransomware attack—even without technical skills. 

Now, with AI integration, RaaS platforms have gotten smarter, automating target selection and customizing attacks to increase their hit rate. Algorithms analyze vast datasets to identify vulnerable systems and lucrative targets, making it easier to deploy attacks.

  • Advanced Evasion Techniques

AI helps malware evade detection. One prime example is polymorphic malware, which uses AI to modify its code. The ability to constantly change makes it almost undetectable for many antivirus programs. 

Moreover, AI can analyze the defense strategies of antivirus software. It figures out how the system detects malware and adjusts its behavior to blend in with normal network activity. This makes detection more difficult, so malware can remain undetected for longer periods and inflict more damage. 

  • Sophisticated Phishing Campaigns 

Generative AI makes it easy for criminals to create realistic-sounding phishing emails in perfect English (or any other language). 

ChatGPT and similar tools have restrictions designed to prevent them from being used to cause harm. However, criminals have developed their own large language models (LLMs) such as WormGPT and FraudGPT that can be used to create fraudulent emails and build malicious code.

  • Zero-Day Vulnerabilities Exploitation

AI’s ability to process and analyze information rapidly is particularly concerning when it comes to zero-day vulnerabilities—previously unknown software flaws. Cybercriminals use AI to continuously scan software and systems, identifying vulnerabilities faster than a human could. 

Hackers then exploit these flaws in automated attacks, often before developers have the chance to release patches, leaving systems exposed and at risk.

  • Dynamic Ransom Demands

You know how an Uber costs more when demand is higher, or an airline might raise prices when a flight is close to being sold out? This is known as dynamic pricing, powered by AI algorithms. And now, ransomware criminals are starting to use this technology, too. 

AI-driven ransomware can assess the value of encrypted data and adjust ransom demands on the fly. This smart pricing strategy means companies face demands closely matched to the perceived value of their data and/or the victim’s ability to pay. 

This tailored approach increases the likelihood of payment, and it’s automated, making it easier for criminals to deploy attacks. 

  • Bot-Based Negotiations 

AI can also automate the ransom negotiation process. Until now, a human operator would communicate with the victim and negotiate the ransom payment. 

With AI, attackers can automate the negotiation process, enabling them to scale their operations and leaving no room for mercy. 

The Evolution of Ransomware and AI

Hackers are using AI, machine learning, and other technologies to launch increasingly sophisticated attacks. 

The cliché of a hacker in a dark room working alone no longer reflects reality. Today, hacking is a multibillion-dollar enterprise. Ransomware gangs have institutional hierarchies, R&D budgets, and technology that becomes smarter everyday. 

This raises the question, how can businesses protect themselves?

The good news is, AI can also be used for defense. 

How to Protect Against Ransomware With AI

Research suggests that companies are currently not doing enough to protect themselves from AI-powered ransomware. According to a McKinsey study, 53% of organizations acknowledge AI as a risk to cybersecurity, but only 38% are actively trying to mitigate that risk.

The time to act is now. Here’s how you can improve your organization’s defenses against AI-enhanced ransomware:

  • Update Security Training with AI in Mind

Modern security training should cover AI-powered threats, like deepfakes, to help ensure employees know what to look out for. This way, they are less likely to fall for phishing scams—however sophisticated they may be. 

  • Adopt Zero Trust Architecture

Zero Trust means every user and device has to verify themselves, whether they’re internal or external. Double-checking every access request makes it harder for unauthorized users to infiltrate the network. 

  • Leverage AI for Proactive Defense

Companies should actively incorporate AI into their cybersecurity strategy. In other words, fight fire with fire. 

AI can analyze vast amounts of data in real-time, identifying and responding to suspicious activities faster than a human could. By using AI-based analytics and threat-detection tools, a business can proactively protect itself against potential threats. 

ProLion CryptoSpike analyzes data access in real-time to detect and block ransomware attacks. If it identifies unusual activity in your file system, it blocks the suspicious user, prevents the attack, and triggers an alert. In the unlikely event an attacker does manage to get through, ProLion’s Single File Restore functionality makes it easy to recover the files you need. 

Protect Your Organization in the Age of AI 

While AI presents new challenges in the form of sophisticated ransomware attacks, it also offers powerful tools for defense. Robust ransomware protection and solid cybersecurity hygiene are the most effective ways to protect your organization in the age of AI. 

Is your organization prepared for increasingly sophisticated cyber attacks? Take the cyber resiliency assessment to find out, or read our whitepaper on the best ransomware protection strategies