Can Ransomware Be Stopped? Yes, With Deep Learning

A quick scan of the morning news shows two parallel trends: first, the scale, severity, and payouts from ransomware attacks is growing, and second, no industry is safe. How many more wake-up calls do we need before we recognize that the approaches most organizations take to defend against ransomware are not working? 

Cybersecurity is a $165+ billion industry¹ globally, and is expected to reach $366 billion over the next seven years, a projection that may climb if the uptick in attacks continues unchecked. But, if so much money and effort is being invested in detection and mitigation tools, why are bad actors still breaching defenses, stealing data, and holding companies hostage for multimillion dollar ransoms? It’s clear that security technology isn’t keeping up with the threats.

A recent survey² of cybersecurity and business leaders found that 90 percent believe that current technology simply isn’t capable of providing adequate protection from cyberattacks. Relying on these solutions only emboldens threat actors—cyber-criminals or state-sponsored hackers—who see rewards in disrupting essential elements of daily life. 

The Catalyst Event Has Arrived

For virtually every industry, this means the tipping point has been reached: the growing threat that can take down a business or infrastructure in seconds, coupled with post-covid business environments, mean that ransomware attacks have become inevitable. Today, messaging platforms are the new break room, used for file transfers as well as quick chats, home and public WiFi has become the corporate network, and unsecured endpoints abound.

Fueled by nation-state tactics and access to sophisticated technology, attacks via email, texts, websites, and applications have become commonplace. Meanwhile, the rapid growth of Ransomware-as-a-Service marketplaces has commoditized malware; it’s no longer necessary to be a skilled hacker. The effectiveness of these methods reinforces the reasoning that prevention should be the primary goal of cybersecurity – keeping attacks out in the first place – rather than “detect, hunt, and remediate.”

Are AI and ML the Solution?

If current security tools aren’t effective, why not make them smarter with artificial intelligence (AI) and machine learning (ML)? The issue is that AI and ML-based systems used for cybersecurity are often narrowly focused, so they may miss threats that they haven’t been designed to spot. Also, machine learning requires significant human supervision—someone needs to continually feed categorized data into the model so the system can identify the latest threats. 

As a result ML security tools have been found to only detect 60 percent of unknown attacks with a one to two percent false positive rate. The situation is even worse when it comes to legacy security solutions, which can produce 30-50 percent false positives, straining resources as high-salaried experts investigate each alert. 

Enter Deep Learning

Deep learning is the next evolution of machine learning. A deep learning-based cybersecurity system takes in data and, if it deems something to be suspicious, detects it in milliseconds and determines autonomously if it should be tagged as a threat—no human intervention needed. 

Unlike ML-based tools, deep learning can recognize threats without being shown the exact code behind the attack. Raw data is categorized without assistance, just like a human brain. A well-designed deep learning solution can analyze 100 percent of the data it’s fed, producing greater accuracy and validity—in real terms, that equates to a greater than 99 percent detection rate with less than a 0.1 percent false positive rate.

To achieve these results, it’s essential to invest in a purpose-built solution. Systems adapted from facial recognition systems, for example, aren’t necessarily appropriate for the specialized needs of cybersecurity. 

What’s needed is a solution that tracks, monitors, and examines every file system operation on each machine: content changes, file size, and complexity must be correlated to file deletion and creation along with other indicators that something is amiss. Only by examining the system holistically can ransomware be stopped before it can propagate.

Many existing behavioral ransomware protection features rely on mechanisms such as honey pots, mock target files, or volume shadow copies access. But, ransomware actors are well aware of these approaches. What’s needed is a tool that monitors every file-system operation on the machine (regardless of the access method). 

 The Impact of Time 

Speed is critical to cybersecurity. When battling ransomware, reactions must be measured in milliseconds. Dwell time—how long malware remains undetected—means the software can scan systems, spread across the network, and install back doors. Deep learning security solutions take dwell time out of the equation by spotting malware, even previously unknown zero-day varieties, in under 20ms, before it can execute and debilitate your network. By meeting the attacker before it meets your environment prevention is possible.

Empowering a Culture of Security

Security should become an integral part of business operations and culture. Cyber awareness and cyber hygiene must be part of everyone’s daily routine. The right deep learning security solution will enhance and extend your security posture—it doesn’t have to mean “rip and replace,” but rather “improve and augment.” 

Zero-trust architectures can be incredibly effective by limiting access to systems and data only to those with an authorized need and confirmed identity. But as we saw during the pandemic, the greater the impact on productivity, the more likely people will find a way around it, exposing your systems to threats. The speed of business will always be the default for successful organizations and a lightning-fast security solution is what’s needed for today’s environment. 

Stopping ransomware requires a rethinking of both technology and culture. It begins with adopting deep-learning-based security today.