AI Vs. Advanced AI: The Battle For Data Integrity In The Age Of Advanced Ransomware

Jim McGann is Vice President at Index Engines.

Many cybercriminals are rich. They might drive expensive cars and live in mansions, making millions annually. Some are funded by governments that use ransomware for cyber warfare, but most cybercriminal organizations are just in it for money, and lots of it.

Like any successful business, these criminal organizations have developed sophisticated software development departments that rival many of the companies they attack. Many threat actors have adopted advanced programming tools like Rust and have even embraced AI to deploy data corruption techniques that circumvent common security applications in place today.

Keeping Pace With The Threat Landscape

Many companies have not kept pace with these dangerous innovations and are vulnerable to the latest threats. Penetrating a data center has become straightforward, and attackers bypass even the most advanced prevention applications responsible for safeguarding the organization.

This has been seen in very public examples. In the attack at MGM in Las Vegas, the bad actors at Scattered Spider called into the IT help desk and manipulated their way into access to an administrative password. Phobos variants have bypassed prevention tools to gain access to critical infrastructure through vulnerabilities in Remote Desktop Protocol (RDP) ports. Ransomware prevention tools are not futile; however, they’re not enough to protect an organization’s data.

Once cybercriminals penetrate the data center, they use ransomware variants to wreak havoc on the organization’s data. These variants have advanced significantly over the years—from basic encryption approaches to advanced AI-based applications. Russia-based Forest Blizzard, North Korea’s Emerald Sleet and Iran’s Crimson Sandstorm have advanced their approaches by leveraging AI. Some of the common AI-based variants are based on advanced methods that leverage adaptive code, content obfuscation, metamorphic and polymorphic malware, and so on.

How do organizations respond to these latest destructive threats? How do they minimize the impact of an attack? How do they protect their critical data assets and minimize data loss from an attack? How can they get production databases that run their businesses operational and avoid reverting to manual paper processing? How do they develop a robust cyber resiliency strategy given that threat actors are amplifying their weapons?

Critical Insights

Any cyber resilience strategy should focus first on data: not only user files but also production databases, which are the mainstay of most organizations. Most organizations have a data protection effort in place, but many don’t have a cyber protection strategy that ensures the data’s integrity. With the advent of these advanced ransomware variants, knowing your data is clean and uncorrupted by these new malicious techniques is nearly impossible unless you leverage AI.

Monitoring enterprise data with AI has many advantages, including early detection, automation, accuracy and scalability. Scanning enterprise data and applying AI-based machine learning models that have been trained to detect patterns of ransomware corruption can minimize the impact of these threat actors even as they adopt AI themselves. In a sense, it’s AI battling AI, a much smarter approach than bringing knives to a nuclear fight.

At the highest level, you can break down the use of AI to perform data integrity scans of critical files and databases into a few critical steps. Compromising on these steps lets bad actors covertly manipulate data.

Better Training, Trusted Results

Training AI models is the most critical aspect of a trusted data integrity AI/ML solution. If you’re fighting a war, you want to know what the enemies are doing. Training on what ransomware variants do to data is the best approach here. The challenge is that you need to detonate actual ransomware—a risky proposition but the only reliable and accurate method for training AI models. As ransomware is detonated, it can be studied and classified into several generalized patterns. AI will then understand these patterns and can not only detect them with accuracy but anticipate future activity.

Once AI models are trained and ready, the next critical component is data scanning. Scanning data can provide the information and patterns of change that the AI model will use to determine if the change matches a classified pattern of corruption. Scanning at the byte level is the only reliable method to achieve accurate results. Because threat actors are using AI to develop variants that hide their corruption deep inside files and databases, byte-level analysis is the only method that will find this malicious activity.
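To make the byte-level point concrete, here is an added example (not from the author or any product) that compares two snapshots of a file chunk by chunk. It substitutes a simple Shannon-entropy heuristic for a trained model; the chunk size, thresholds and sample data are assumptions constructed for the illustration.

```python
import hashlib
import math
from collections import Counter

CHUNK = 4096  # analysis window in bytes (assumed; tune per data type)

def shannon_entropy(data):
    """Bits per byte: 0.0 for constant data, close to 8.0 for random or encrypted data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def suspicious_chunks(baseline, current, size=CHUNK, high=7.5, jump=1.5):
    """Indices of chunks that changed since the baseline and now look encrypted.

    high and jump are illustrative thresholds, not values from the article.
    """
    flagged = []
    for i in range(0, len(current), size):
        old, new = baseline[i:i + size], current[i:i + size]
        if old == new:
            continue  # untouched chunk
        h_new = shannon_entropy(new)
        if h_new >= high and h_new - shannon_entropy(old) >= jump:
            flagged.append(i // size)
    return flagged

def pseudo_ciphertext(seed, length=CHUNK):
    """Deterministic high-entropy bytes standing in for encrypted output (constructed)."""
    out = b"".join(hashlib.sha256(seed + n.to_bytes(4, "big")).digest()
                   for n in range(length // 32 + 1))
    return out[:length]

# Constructed sample: a 16-chunk text "database export" and a later snapshot of it.
BASELINE = "".join(f"{i:08d},customer-{i % 97},balance={i * 37 % 10000}\n"
                   for i in range(3000)).encode()[:16 * CHUNK]
snapshot = bytearray(BASELINE)
snapshot[3 * CHUNK:4 * CHUNK] = pseudo_ciphertext(b"a")        # corrupted region
snapshot[11 * CHUNK:12 * CHUNK] = pseudo_ciphertext(b"b")      # corrupted region
snapshot[5 * CHUNK + 100:5 * CHUNK + 114] = b"UPDATED-RECORD"  # ordinary edit
CURRENT = bytes(snapshot)

if __name__ == "__main__":
    print("whole-file entropy:", round(shannon_entropy(CURRENT), 2))
    print("flagged chunks:", suspicious_chunks(BASELINE, CURRENT))
```

The whole-file entropy stays well below the per-chunk threshold because only two of sixteen chunks were overwritten, while the chunk-level comparison isolates exactly those two regions and ignores the ordinary edit.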

Protecting Our Future

Sophisticated ransomware attacks, driven by financially motivated cybercriminals and state-sponsored groups, have created an evolving threat landscape. These adversaries leverage advanced tools (including AI) to bypass traditional security measures and infiltrate critical infrastructure, leaving organizations vulnerable to devastating data corruption.

To counter these threats, organizations must adopt robust cyber resilience strategies centered on advanced AI-driven monitoring—ensuring early detection, accurate threat identification and proactive defense against ongoing ransomware techniques.


Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.