Whitepaper: Detecting and stopping ransomware attacks with AI


Johannesburg, 23 Jun 2021

Ransomware attacks are synonymous with a ransom demand for valuable data held hostage by the attacker. For businesses and enterprises the ransom can be a far from trivial amount, and the stakes keep rising. Holding a critical server hostage by rendering it inoperable also means an instant loss of productivity; applied across multiple endpoints and servers, that loss is amplified. What if there is no guarantee that the malefactor will release the key to end the ransomware kill chain, even after receiving the ransom demanded? What if the perpetrator has siphoned data from the endpoint or host with the intent of trading personal information and business-sensitive data on the dark web for commercial gain or other harmful purposes?

There can be several steps leading to a ransomware attack. The attacker may hide the payload as a macro in a malicious Word document, delivered through a phishing email, a drive-by download or a file transfer. In almost all cases, however, an infected attachment triggers a chain of events that starts with malware or a trojan establishing itself on an endpoint.

Most advanced ransomware attacks are based on fileless malware that uses advanced techniques and can evade detection by advanced toolsets relying on malware signatures, sandboxing or even machine learning techniques involving cloud-based analysis of several endpoints. In this paper, we touch upon how aiSIEM/aiXDR detects and stops ransomware and the other types of malware associated with ransomware attacks.