Ransomware has been a growing and shrinking problem in the modern world. Every time I think that some new defenses and protections are preventing ransomware from being a problem, I see another issue. Recently, I saw Subway got hit with an attack, and a few friends have recently noted their companies were restoring systems after a portion of their network was locked down.
With the advent of Ransomware-as-a-service, where criminals deploy software and then sell access to others, better detection and protection become more important. As with any software, criminal human operators will use the ransomware software in different ways. That means that we don't necessarily have a simple threat that can be easily programmed against with anti-virus technology.
Microsoft has been using AI technology to help them track and combat ransomware campaigns. Since there are similarities between how ransomware is used by different individuals and how it appears in systems, AI technology can be helpful here. There aren't the same simple signatures on files that we've seen in the past with viruses, but rather more complex patterns. Humans might discover how ransomware appears in their environment with lots of knowledge on what their network ought to look like, but this pattern matching across many different networks and organizations is something that AI/ML might do quicker and at scale. Once successful, ransomware can be hard to recover from, so early detection is important.
In the article, it seems that Microsoft is capturing lots of traffic and analyzing it for patterns, with multiple types of anomalous activity, and then aggregating this across devices to guess whether this is an attack or not. In some of their testing, they find the ability to stop an attack with only a few percent of assets getting encrypted. That's not perfect, but better than finding 90% of your nodes are encrypted over morning coffee.
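As an added illustration (not code from Microsoft's article or from this editorial), the idea of combining several kinds of anomalous activity per device and then aggregating across devices can be sketched as follows. The signal names, thresholds, fleet size and sample events are all constructed assumptions.

```python
from collections import defaultdict

# Assumed tuning values for this sketch, not taken from any product.
WINDOW = 10       # minutes of history considered together
MIN_TYPES = 2     # distinct anomaly types that make one device suspicious
MIN_DEVICES = 2   # suspicious devices that make it look like a campaign

def detect(events, fleet_size):
    """Return (minute, suspicious_devices, fraction_of_fleet) at the first
    organization-level alert, or None if the events never correlate."""
    history = []
    for minute, device, kind in sorted(events):
        history.append((minute, device, kind))
        # Sliding window: forget anomalies older than WINDOW minutes.
        history = [e for e in history if e[0] > minute - WINDOW]
        types_by_device = defaultdict(set)
        for _, dev, k in history:
            types_by_device[dev].add(k)
        # Per device: one odd signal is noise, several together are not.
        suspicious = {d for d, t in types_by_device.items()
                      if len(t) >= MIN_TYPES}
        # Across devices: the same pattern on several hosts raises the alert.
        if len(suspicious) >= MIN_DEVICES:
            return minute, sorted(suspicious), len(suspicious) / fleet_size
    return None

# Constructed telemetry: (minute, device, anomaly type). Hypothetical names.
ATTACK = [
    (1, "ws-01", "mass_file_rename"),
    (2, "ws-01", "backup_deletion"),
    (3, "ws-02", "unusual_remote_logon"),
    (4, "ws-02", "mass_file_rename"),
    (6, "ws-03", "mass_file_rename"),
]
# Constructed background noise: isolated anomalies far apart in time.
NOISE = [
    (1, "ws-10", "mass_file_rename"),
    (2, "ws-11", "unusual_remote_logon"),
    (30, "ws-10", "backup_deletion"),
]

if __name__ == "__main__":
    print(detect(ATTACK, fleet_size=50))  # alert while 4% of the fleet is affected
    print(detect(NOISE, fleet_size=50))   # no alert
```

The noise case shows why correlation matters: each single anomaly would page someone on its own, but none of them line up in time or across hosts.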
I suspect this is just the latest escalation in cyber attacks and defenses. I'm sure that hackers will come up with new and novel ways to cause problems, but I do think that this is a place where AI, especially ML, technology can be useful to provide better security. I also think that database technology, especially graph queries, is particularly helpful here. I hope we learn more about how they are building protections as I think this is likely a great data analysis story.
Once again, the database is critical to making software better because all of that data has to be stored and queried somewhere.