AI-Powered Ransomware: The Nightmares of Cybersecurity Experts!


For years, cybersecurity experts have tried an array of ways to keep various digital threats at bay. This includes advanced firewalls, enhanced anti-virus software, encryption, and whatnot.

However, there is a new threat that is giving nightmares to cybersecurity professionals: AI-powered ransomware! And it works exactly how you see it in the movies. It learns and adapts in real-time, it bypasses the advanced defense mechanisms, and impersonates trusted users to gain entry and spread through a system. The results? Well, catastrophic, as you can already imagine!

But what are the threats that this new automated ransomware brings, and how can organizations and businesses avoid them? We have discussed the nitty-gritty of this new threat in our blog. So, let’s explore till the end to find out!

Ransomware 3.0: A Brand New Digital Threat!

Just last week, some security researchers at New York University published an article, Ransomware 3.0: Self-Composing and LLM-Orchestrated. In it, they describe a prototype of AI-powered ransomware that is controlled by an LLM!

In fact, the researchers have also stated that-

“Unlike conventional malware, the prototype only requires natural language prompts embedded in the binary; malicious code is synthesized dynamically by the LLM at runtime, yielding polymorphic variants that adapt to the execution environment. The system performs reconnaissance, payload generation, and personalized extortion in a closed-loop attack campaign without human involvement.”

Now that’s a brand new threat to cybersecurity, and a nightmare for CISOs and/or cybersecurity professionals alike. Why? Because now is the time for these professionals to thoroughly rethink and restructure everything about digital security!

In fact, the AI-generated ransomware, referred to as ‘PromptLock’ by the New York University researchers, has been deemed the ‘first-known AI-powered ransomware’ by the global digital security company ESET. However, the ESET officials have also stated that the discovery by NYU researchers is merely a proof of concept.

How Dangerous Can AI-Powered Ransomware Be?

Now, let’s move on and explore how AI-powered ransomware attacks can prove to be deadly-

Completely automated attacks

Before the advent of AI, some human hackers controlled an entire ransomware attack, from the start to the end. However, in an AI malware attack, the AI itself allows the ransomware to automate the whole process- right from those initial breaches, to data exfiltration! This kind of sophisticated automation allows the launch of several attacks, all at once, and significantly increases the volume of threats.

Hyper-personalized and hyper-targeted attacks

AI-powered ransomware attacks utilize machine learning to browse through social media accounts and websites. This helps it gather information about the target and learn in detail about their business elements. And with this information, such automated malware can craft highly personalized phishing emails or even ads to manipulate their targets.

Adaptive threats

Another factor about AI-powered ransomware is that it’s not static. Once inside a network, it can learn from the environment and adapt its behavior to stay undetected. If it encounters a security tool or a defensive protocol, the AI can dynamically modify its code or change its attack vector to bypass the antivirus software. This ability to continuously evolve makes it a moving target that can outsmart even the most advanced security systems.

Now, many of you might be wondering whether PromptLock is capable of doing all such things, right? Well, of course it is! It does not have any fixed encryption logic and makes use of:

  • A Golang-based loader
  • An LLM that is locally hosted (GPT-OSS:20B) via the Ollama API
  • Automated Lua scripts that are created on the go
  • Cross-platform compatibility, which makes Windows, Linux, and even macOS an easy target for this ransomware!
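Because the generated code changes on every run, a defender can key on this component chain instead of on file hashes. The following is an added example (not code from the researchers or from this blog) that scans constructed endpoint telemetry for a process outside an allowlist that calls an Ollama endpoint on its default port 11434 and then writes `.lua` files shortly afterwards; the event schema, process names, allowlist and five-minute window are assumptions.

```python
import json
from datetime import datetime, timedelta

# Constructed telemetry (JSON lines). Field names are hypothetical, not a real EDR schema.
SAMPLE_EVENTS = """
{"ts":"2025-09-01T10:00:00","host":"ws-17","type":"net","proc":"ollama-desktop.exe","dst":"127.0.0.1:11434","path":"/api/chat"}
{"ts":"2025-09-01T10:02:10","host":"ws-22","type":"net","proc":"updater.exe","dst":"127.0.0.1:11434","path":"/api/generate"}
{"ts":"2025-09-01T10:02:14","host":"ws-22","type":"file_write","proc":"updater.exe","file":"C:/Users/a/AppData/Local/Temp/x1.lua"}
{"ts":"2025-09-01T10:02:15","host":"ws-22","type":"file_write","proc":"updater.exe","file":"C:/Users/a/AppData/Local/Temp/x2.lua"}
{"ts":"2025-09-01T11:30:00","host":"ws-30","type":"file_write","proc":"code.exe","file":"C:/dev/game/main.lua"}
"""

OLLAMA_PORT = "11434"                          # Ollama's default listening port
ALLOWED_LLM_CLIENTS = {"ollama-desktop.exe"}   # assumption: site-specific allowlist
WINDOW = timedelta(minutes=5)                  # assumption: correlation window

def parse(lines):
    """Yield events with 'ts' converted to datetime."""
    for line in lines.strip().splitlines():
        ev = json.loads(line)
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        yield ev

def detect(events):
    """Alert when a non-allowlisted process calls an Ollama endpoint and then
    writes .lua files on the same host within WINDOW."""
    llm_calls = {}   # (host, proc) -> time of the most recent Ollama API call
    alerts = {}      # (host, proc) -> list of .lua files written afterwards
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["host"], ev["proc"])
        if ev["type"] == "net" and ev["dst"].endswith(":" + OLLAMA_PORT):
            if ev["proc"] not in ALLOWED_LLM_CLIENTS:
                llm_calls[key] = ev["ts"]
        elif ev["type"] == "file_write" and ev["file"].lower().endswith(".lua"):
            called = llm_calls.get(key)
            if called is not None and ev["ts"] - called <= WINDOW:
                alerts.setdefault(key, []).append(ev["file"])
    return [{"host": h, "proc": p, "lua_files": f} for (h, p), f in alerts.items()]

if __name__ == "__main__":
    for alert in detect(parse(SAMPLE_EVENTS)):
        print(alert)
```

Neither the allowlisted Ollama client on `ws-17` nor the developer editing a Lua file on `ws-30` is flagged; only the combination of both behaviours on `ws-22` raises an alert.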

Why are Existing Security Systems Failing?

AI-based ransomware has understood the core weakness of every cybersecurity tool. And that’s the reason why even our best security features and tools are struggling to keep up with this new threat.

Here are some of the reasons why our current cybersecurity systems are failing to stop it-

Identity & Access Management (IAM)

IAM can very well control an individual’s access. But it cannot control when someone who has access decides to do something malicious! So, if an AI-generated script uses a valid user’s credentials, IAM will grant it access without any issue.

Endpoint Detection & Response (EDR)

EDRs are designed to catch threats that are known. However, they fall short when it comes to predicting new threats. EDRs explore the signature and behavioral patterns of malware from past attacks. But AI-powered ransomware happens to mutate its malicious code on the go. This means each time, it creates a new variant that an EDR fails to recognize, which helps it stay undetected.

Cloud-Native Application Protection Platforms (CNAPP)

The primary function of CNAPPs is to secure cloud environments by identifying vulnerabilities and misconfigurations. But they cannot detect a self-mutating script that is already running in memory. The attack happens at the application level, completely bypassing the static security checks that CNAPPs are built to perform. That’s the reason why businesses and organizations are shifting towards hybrid cloud security.

Next-Gen Firewalls (NGFWs)

NGFWs are no longer enough because they only protect the edges of the network. An AI-powered threat can operate entirely within the network’s interior. Since it doesn’t need to make external calls or send data to a command-and-control server, it can conduct its entire malicious campaign without even triggering a perimeter-based defense.

The self-mutating aspect is one of the deadliest antivirus bypass techniques that allows automated ransomware to stay completely off the radar.

The 3 Defense Strategies Every Organization Needs Today

Cybersecurity threats have significantly advanced in the past few years. So much so that hackers exploiting AI for ransomware attacks will soon become a dreadful threat to businesses and organizations.

So, here are the 3 defense strategies from MIT Sloan that can help businesses and organizations avoid such AI-powered attacks-

Automated security

Automating all routine tasks, like implementing self-healing software code, a zero-trust-based architecture, and self-patching systems, can reduce overall manual workloads. Not just that, but this can offer robust protection against such AI-powered attacks that mainly target vulnerabilities of the core system.

Autonomous and adaptive defense

AI can create a new layer of active defense. This involves setting up “honeypots” and decoys that lure in and confuse attackers, buying your team crucial time. These systems can also autonomously neutralize threats and quarantine infected systems before they can do more damage, thereby offering some protection against ransomware.
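One concrete form of decoy is a set of canary files that no legitimate user or job has a reason to touch. The code below is an added example, not from MIT Sloan or this blog: it plants decoys, records their hashes, and later reports any that are missing, modified, or overwritten with high-entropy (encrypted-looking) content. The file names, the 7.5 bits-per-byte threshold and the tampering simulated with random bytes are assumptions.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter
ENTROPY_THRESHOLD = 7.5  # assumption: bits/byte above which content looks encrypted

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty input, 8.0 maximum)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def plant_decoys(directory, names):
    """Write plausible-looking decoy files; return baseline {path: sha256}."""
    baseline = {}
    for name in names:
        content = (f"{name}: internal record, do not distribute\n" * 200).encode()
        path = os.path.join(directory, name)
        with open(path, "wb") as fh:
            fh.write(content)
        baseline[path] = hashlib.sha256(content).hexdigest()
    return baseline

def check_decoys(baseline):
    """Compare decoys with the baseline; return {file name: verdict} for changes."""
    findings = {}
    for path, digest in baseline.items():
        if not os.path.exists(path):
            findings[os.path.basename(path)] = "missing"
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        if hashlib.sha256(data).hexdigest() != digest:
            high = shannon_entropy(data) >= ENTROPY_THRESHOLD
            findings[os.path.basename(path)] = "encrypted-like" if high else "modified"
    return findings

def demo():
    """Constructed scenario: simulate tampering with two of three decoys."""
    with tempfile.TemporaryDirectory() as d:
        baseline = plant_decoys(d, ["payroll.csv", "vpn-creds.txt", "notes.txt"])
        with open(os.path.join(d, "payroll.csv"), "wb") as fh:
            fh.write(os.urandom(8192))   # stand-in for encrypted output
        os.remove(os.path.join(d, "vpn-creds.txt"))
        return check_decoys(baseline)
```

Any non-empty result from `check_decoys` is a high-confidence signal, since it does not depend on recognising the code that touched the file, and can be wired to the quarantine step described above.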

Real-time analysis and reporting

AI-powered security platforms go beyond simple alerts. They can analyze vast amounts of data to identify subtle, complex attack patterns that humans would miss, providing your team with deep insights and predictive threat intelligence that allows for a more strategic, proactive defense.

To Conclude

So, what the professionals could do is stay aware, learn about the current threats, and deploy an AI-based defense system that doesn’t just detect, but can analyze and stop such intelligent threats as they face them.

Michael Siegel, the principal research scientist and director of Cybersecurity at MIT Sloan, states, “The autonomous nature of things has caused there to be a reexamination of the way in which we defend ourselves and the way in which we have to look at both old- and new-style attacks.”

FAQs

What is an AI-powered autonomous ransomware campaign?

An AI-powered autonomous ransomware campaign is a type of attack where a large language model (LLM) orchestrates the entire malicious campaign from start to finish without any human intervention.

How is this different from traditional ransomware?

AI-powered attacks are different from traditional ransomware because they don’t have any human hacker controlling their attack chain. This makes the campaigns faster, more scalable, and highly efficient. Traditional ransomware relies on static, pre-written code. AI-powered ransomware can dynamically adapt to its environment and evolve to evade detection.

Is this threat theoretical or already in the market?

This threat is no longer theoretical. Although fully autonomous, AI-powered ransomware is not yet widespread in the market, a proof-of-concept prototype, dubbed ‘PromptLock,’ has already been created by security researchers at New York University.

What role does generative AI play in these attacks?

Generative AI, like LLMs, serves as the brain of the attack. It allows the ransomware to ‘think’ for itself. It helps the malware to create unique, polymorphic code at runtime, analyze the target network to identify valuable assets, and craft personalized, convincing extortion messages to maximize the likelihood of payment.

What industries are most at risk?

Industries such as healthcare, government, and manufacturing face the most risk from such attacks. These sectors are prime targets because the disruption of their services or the theft of their data can have devastating consequences, making them more likely to pay a ransom.
