Is cybersecurity based on ML capable of reducing risk? Yes, with Vectra AI

Written by ga_dahmani

The dissemination of information cuts two ways. On the one hand, commerce is enabled, but on the other, so are the criminalized branches of commerce, and as a result, evolved ransomware is one of the most dangerous threats on the internet today. It’s a low-cost, high-benefit model, and the threat is evolving to keep up with changes in the way we work.

Ransomware gangs and their associates are in the business of making money, and they have an ROI mindset. Groups and individuals learn new techniques, leveraging their skills to gain access to systems and data, and then steal, ransom and return, or simply encrypt and collect.

The latest ransomware variations actively scan the network for file shares on servers and computers that the compromised host has access privileges to, then spread from one device to a host of others.

Because encrypting file shares causes operational downtime and data loss, ransomware attacks become incredibly expensive. When a business is the target of a ransomware attack, it’s an all-in situation that requires urgent action to recover systems while business operations are held hostage.

When the target is a cloud service provider and the encrypted systems are those of their customers, downtime gets even worse. In 2019, ransomware attacks hit cloud hosting companies and iNSYNQ, preventing more than 30,000 clients from using its services.

In the same year, ransomware evolved from opportunistic attacks to attacks targeting companies willing to pay a higher ransom to regain access to their files. And yet, companies seem to continue to pay, though they rarely admit it, with an obvious increase in the amounts demanded.

Network File Encryption in Ransomware


Documents stored on shared volumes are often treated as “backups” even though they are the only copy of the information, kept there to improve productivity and make sharing easier for teamwork (especially important for mobile workers).

Because documents are accessed on network shares, a single compromised host can block document access across multiple departments in an organization, thanks to high-capacity data storage.

There is also deep integration with many cloud services that is abstracted away from the user but is very attractive to attackers. Integrated cloud-based file sharing services, for example, allow local attacks to spread to shares hosted anywhere. And the more integrated these services are (“sign in with your Google account credentials”), the greater the scope of potential harm to the business as a whole.

That goes some way to explaining why, according to , the number of attacks may be declining: fewer attacks, sure, but increasingly effective, lucrative, and impactful as methods evolve.

The fact that the total number of detections is decreasing does not mean that companies should relax and skip security measures. Whether the cost is an investment in additional backups, loss of reputation, loss of IP, or business interruption, ransomware is very, very expensive and, in some cases, terminal.

How Vectra AI Tackles Ransomware

The evolution of ransomware has moved technology away from broad automated spray-and-pray attacks and toward highly focused human-led attacks. These new generations of ransomware often rely on stolen credentials to gain privileged access. And identity-based threats are not detectable by signature-based security measures, at least until the payload drops and victim-hosted code begins to exhibit atypical behavior.

If ransomware evolves, so must its detection and response. The use of AI in this case is perfect for detecting hidden and unknown attackers in real time, allowing quick and decisive action. Machine learning algorithms that detect anomalies can generate early warnings, helping businesses isolate potential infections before lateral spread of the encryption payload.
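A minimal illustration of the anomaly-detection idea above, added here and not Vectra AI's code or algorithm: it baselines how many distinct file shares each host contacts per hour and flags a host whose fan-out jumps far above its own history. The host names, share paths and log shape are constructed for the example.

```python
from collections import defaultdict
from statistics import median

def build_events():
    """Constructed sample of (hour, source_host, share) records, as might be
    derived from SMB connection logs. All names are hypothetical."""
    events = []
    for hour in range(9):
        events += [(hour, "ws-014", "//fs01/finance"), (hour, "ws-014", "//fs01/public")]
    for hour in range(8):
        events.append((hour, "ws-022", "//fs01/public"))
    events.append((3, "ws-022", "//fs02/hr"))  # one ordinary extra share in the baseline
    # Hour 8: ws-022 suddenly enumerates twelve different shares.
    events += [(8, "ws-022", f"//fs{n:02d}/dept{n}") for n in range(1, 13)]
    return events

def fanout_per_hour(events):
    """Map host -> {hour: number of distinct shares contacted in that hour}."""
    seen = defaultdict(lambda: defaultdict(set))
    for hour, host, share in events:
        seen[host][hour].add(share)
    return {h: {hr: len(s) for hr, s in hours.items()} for h, hours in seen.items()}

def robust_score(value, history):
    """Modified z-score built on median and MAD, so one past spike does not
    inflate the baseline the way a mean and standard deviation would."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    return 0.6745 * (value - med) / max(mad, 1.0)  # floor MAD: flat baselines are common

def detect(events, current_hour, threshold=3.5, min_history=4):
    """Return (host, shares_this_hour, score) for hosts far above their own baseline.
    3.5 is the conventional cutoff for the modified z-score."""
    alerts = []
    for host, hours in sorted(fanout_per_hour(events).items()):
        history = [n for hr, n in hours.items() if hr < current_hour]
        if len(history) < min_history:
            continue  # too little baseline to judge this host
        score = robust_score(hours.get(current_hour, 0), history)
        if score > threshold:
            alerts.append((host, hours.get(current_hour, 0), round(score, 2)))
    return alerts

if __name__ == "__main__":
    for host, shares, score in detect(build_events(), current_hour=8):
        print(f"ALERT {host}: {shares} distinct shares this hour, score {score}")
```

The alert fires on share enumeration alone, before any file is encrypted, which is the window in which a host can still be isolated.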

The Vectra AI platform looks for telltale symptoms of a ransomware compromise, such as reconnaissance, lateral movement, and command and control in network traffic that includes packets to and from the cloud and IoT devices.

Vectra AI is the solution that can see and stop ransomware before it can hurt you.
