For the first time since 2013, we have witnessed a decrease in ransomware activity, with the overall number of ransomware infections on endpoints dropping by 20%. However, ransomware like WannaCry, its copycat versions, and Petya continued to inflate infection figures. When these worms are stripped out of the statistics, the drop in infection numbers is steeper: a 52% fall. However, 2019 doesn't seem to be as good as the last. Even though ransomware activity decreased, headlines about ransomware affecting enterprises keep coming.
There was a time when ransomware was focused on consumers, but in 2017 the focus shifted to enterprises. In 2018 that shift accelerated, and enterprises accounted for 81% of all ransomware infections.
However, it's not just private companies that are under threat. Recently, in one of our articles, we listed some of the top targets of ransomware, and one of them was government firms. In fact, a recent incident in Texas proved that government organisations are actually on the radar of cyber-attackers.
Texas Ransomware Attack
Recently, hackers attacked 23 organisations connected to local government in the US state of Texas with ransomware. The attack was so serious that it disabled email accounts and prevented online payments to city departments for weeks.
Although the type of ransomware has not been revealed yet, and no state networks were compromised in the attack, reports suggest that the attack was carried out by a single threat actor. Officials from Texas have stated that investigations into the origin of this attack are ongoing, but as of now they are more focused on response and recovery and on getting things back to normal.
The damages from ransomware are brutal. For example, the Baltimore incident in May 2019, where hackers seized control of thousands of government computers, ended up amounting to $18 million in direct costs and lost revenue.
How AI Could Make Ransomware More Lethal
Hackers unleashing ransomware attacks on these really big targets is definitely a thing to worry about. However, what could be worse is ransomware attacks powered by artificial intelligence. It would be a completely new, power-packed makeover for some of the most notorious ransomware, and there are chances that these worms would evade cyber defences, get into computer networks and create havoc.
The whole industry is moving towards AI for protection. It's no surprise that AI and ML have, through the years, become something really incredible for the cybersecurity industry, from detecting threats to mitigating risks. But these sought-after technologies are a double-edged sword, and once they are in the hands of threat actors, the tables might turn.
The worst could happen when these sought-after technologies reach consumer-level adoption. Imagine ransomware that is powered by machine learning and has the capability to learn from defensive responses and start pwning and exploiting way faster than a defending system can react.
However, that is not the only way AI and ML could be used in ransomware attacks; there are other potential methods and strategies as well.
Deepfakes, already one of the most notorious threats, could also play a role in pushing ransomware to the next level. They can be used to place video calls posing as the boss and ask any employee to carry out a task. This could be a form of spear phishing that later makes a way for ransomware to infect systems. It would not be limited to video calls, either, but could extend to other forms of communication. Hackers would be able to create thousands of malware-loaded fake messages at a much faster pace without tiring.
That is not all: AI and ML today have the capability to bypass CAPTCHA too. There are instances where technology professionals have published work showing how CAPTCHA can be easily broken using machine learning and deep learning. And there are many companies and organisations that rely extensively on CAPTCHA to determine whether there is any non-human intervention.
One cannot emphasise enough that technological advancement always works for both sides of the coin. If IT security professionals are using some of the most advanced technologies to forecast attacks, threat actors are also making the best of the same technologies to stay one step ahead.
This race between white hat hackers and black hat hackers will continue for years to come, and the result will always depend on who leverages what technology and when.