Future-Proofing Against Ransomware | Navigating the Risks of Emerging AI and ChatGPT Technologies

Safeguarding your data against ransomware threats today has become challenging due to the emergence of AI-powered ransomware and the influence of AI tools like ChatGPT. WeDoIT is slowly emerging in this space to help organizations prepare against the use of AI-powered ransomware and leveraging security automation to protect their valuable information assets.

Introduction

The digital realm has always been a double-edged sword, with each new technology being misused for malicious purposes by threat actors. As technology continues its relentless march forward, AI (Artificial Intelligence) and LLMs (Large Language Models) are playing a prominent role. But with them, the cyber threat landscape is also undergoing a major transformation. Particularly ransomware.

Ransomware attacks that have long plagued businesses and individuals, holding critical data hostage and demanding hefty ransoms for its return, are now following a new and unsettling trend – the use of AI tools by threat actors to amplify the sophistication and effectiveness of ransomware attacks.

As the battle lines shift in the fight against cybercrime, WeDoIT is helping organizations understand the evolving tactics of AI-wielding threat actors. It is the first step toward building a more secure and resilient digital future and advising and implementing to choose the most robust anti-ransomware solution that can help they stay safe,

Statistics: Rise in Ransomware Attacks

Here are a few statistics that will help paint a vivid picture of the threat of ransomware and how it’s growing.

• According to the AAG, 26% of respondents experienced an increase in email threats last year, with 88% becoming ransomware victims.
• 46% of business and security leaders worldwide believe that generative AI will enable threat actors to employ advanced adversarial capabilities such as phishing, deepfakes, and developing AI-based malware, as per Statista.
• According to the NCSC (National Cyber Security Centre), AI lowers the barrier for low-level threat actors and hackers-for-hire to carry out effective operations for access and reconnaissance – a factor that will contribute to ransomware in the next two years.
• Threat actors have taken on an opportunistic mindset, compromising networks within 24 hours of discovering vulnerabilities. They also understand industry nuances to select targets. In 2024, gaming studios will be the target of the rising ransomware attacks.
• The Who’s Who In Ransomware Report (Q2 2023 edition) has predicted that an individual, organization, or device every 2 seconds.

How Do Future Ransomware Risks Look Like

As AI continues to grow, so will its potential use in malicious activities because ransomware attackers leverage AI in multiple ways and may bypass the security mechanism of current anti-ransomware solutions. Here’s how.

• Target Selection and Vulnerability Identification Capabilities: AI can analyze massive amounts of data to thin out specific high-value victims with great accuracy, allowing threat actors to pinpoint individuals, businesses, and critical information infrastructure (CII).
• Attack Execution and Propagation: These tools can automate tasks like launching cyber attacks, exploiting vulnerabilities, and replicating across networks for faster, more widespread, and more efficient attacks.
• Ransomware, Quantum Computing, and Encryption: Quantum computing is still in its early stages, but it holds the potential to break current encryptions that protect our data. Threat actors can master these to make a current defense against ransomware ineffective.
• Ransomware Gangs: Threat actors who specialize in ransomware can leverage AI to get assistance in coordinating attacks, negotiating with victims, and even developing out-of-the-box attack techniques.
• Changes in RaaS (Ransomware-as-a-Service): RaaS tools enabled low-level threat actors already, and AI could further democratize ransomware attacks and make them more accessible to threat actors with less technical expertise and widen their target pool.

Influence of AI and ChatGPT on Ransomware and Automation

So, where do ChatGPT and other evolving AI tools come into play?

• Advanced Phishing Emails: GPT-like models can analyze successful phishing campaigns and use the data to generate realistic phishing emails and social engineering content. There has already been a 1,265% spike in phishing emails with ChatGPT’s launch.
• Automated Security Evasion: AI can be employed to develop and adapt evasion techniques in real-time, allowing ransomware to bypass traditional security measures like EDR (Endpoint Detection and Response) systems.
• Ransomware Attack Automation: Repetitive tasks involved in preparing and executing ransomware attacks, such as vulnerability scanning, credential stuffing, and lateral movement within a network, can be automated using GPT tools.
• Ease of Ransomware Attack Execution: By automating tasks and creating sophisticated code for malicious tools, AI can lower the technical entry barrier for aspiring cyber criminals.
• Customized Dark Web Services and Adaptation of Attacks: Dark web marketplaces offering RaaS (Ransomware-as-a-Service) could leverage AI to provide customized attack tools and services tailored to specific victim profiles or industries.

Beyond Lockbit – A Massive Win but at What Cost

Let us take the example of Lockbit. The takedown of the threat actor group by international law enforcement (Operation Cronos) in early 2023 marked a significant victory for us. While the LockBit takedown is a positive development, it’s important to acknowledge the potential for unintended consequences.

Lockbit’s threat actors were acting autonomously, which obviously made it difficult to dismantle the organization completely. And the disgruntled affiliates or the ones trying to avoid prosecution may splinter off, trying to form new ransomware groups under different names. They might not have all the capabilities individually but could easily leverage AI tools to initiate massive threats.

Such behavior was also seen in the case of the Conti ransomware gang, which ceased its operations after the ransomware group’s private chats were leaked. However, it was not long before researchers came across Black Basta ransomware that shared tactics and techniques with Conti and is believed to be an offshoot of the original.

How WeDoIT Is Helping Organizations Future-Proof Their Strategies Against Ransomware

There’s a lot that organizations can do to prepare themselves for the rising ransomware threats and future-proof their strategies. WeDoIT‘s anti-ransomware solutions help organizations fortify their security perimeter and protect their information assets. Here is how organizations can stay ahead in the race against ransomware threats:

• Updating Policies and Adoption of Enhanced Industry Standards: You should implement industry frameworks like NIST Cybersecurity Framework, MITRE ATT&CK, or ISO 27001 to establish best practices and improve the security posture.
• Regulatory Compliance: Understand and comply with data privacy regulations such as GDPR, CCPA, and HIPAA.
• Leveraging AI-ML for Security Automation: You can utilize AI- and ML-powered (machine learning) tools for threat analysis and detection, automated incident response, and vulnerability management.
• Enhancing Incident Response Planning & Capabilities: You need to develop a comprehensive incident response plan outlining roles, responsibilities, and procedures for handling ransomware attacks.
• Regular Data Backups and Recovery Plans: Regularly testing backups and recovery procedures is necessary and can also help ensure that they function properly during an attack.
• Adopting Zero Trust Architecture: You should implement a ZTA to minimize the attack surface and restrict access privileges to help mitigate lateral movement within organizational networks.
• Cybersecurity Awareness and Training: This one is often overlooked, but regularly training employees on cybersecurity best practices, including phishing email identification, password hygiene, and reporting suspicious activity, is key.

Final Words

The future of ransomware definitely presents its new set of challenges with the potential integration of AI, but proactive measures are key to a more resilient defense. Organizations and individuals need to understand the evolving threat landscape and take on a multi-pronged approach to navigate the complexities and keep their data safe. It’s not just the WeDoIT group alone; it has also partnered with key industry players in the cybersecurity space, such as Cynet and RiskWorkers. This strong collaboration has helped WeDoIT equip organizations to tackle advanced ransomware threats more effectively and efficiently, thanks to the extensive network of cybersecurity experts and advisors involved.

References

1. Boehm, J., Hall, F., Isenberg, R., & Michel, M. (2022, February 14). Ransomware prevention: How organizations can fight back. Mckinsey.com; McKinsey & Company. https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/ransomware-prevention-how-organizations-can-fight-back

2. Dvoskin, O. (2023, January 25). ChatGPT could automate malware production. Morphisec.com. https://blog.morphisec.com/chatgpt-malware-production

3. Global ransomware threat expected to rise with AI, NCSC warns. (n.d.). Gov.uk. Retrieved February 26, 2024, from https://www.ncsc.gov.uk/news/global-ransomware-threat-expected-to-rise-with-ai

4. Hill, M. (2023, April 28). 5 ways threat actors can use ChatGPT to enhance attacks. CSO Online. https://www.csoonline.com/article/575205/5-ways-threat-actors-can-use-chatgpt-to-enhance-attacks.html

5. How to prevent ransomware attacks: Top 10 best practices. (n.d.). Upguard.com. Retrieved February 26, 2024, from https://www.upguard.com/blog/best-practices-to-prevent-ransomware-attacks

6. Ransomware protection: How to keep your data safe in 2024. (2024, January 18). Www.kaspersky.com. https://www.kaspersky.com/resource-center/threats/how-to-prevent-ransomware

7. Stockley, M. (2023, November 30). Will ChatGPT write ransomware? Yes. | Malwarebytes. Malwarebytes.

8. The future of ransomware. (n.d.). Trendmicro.com. Retrieved February 26, 2024, from https://www.trendmicro.com/vinfo/gb/security/news/cybercrime-and-digital-threats/the-future-of-ransomware

9. The near-term impact of AI on the cyber threat. (n.d.). Gov.uk. Retrieved February 26, 2024, from https://www.ncsc.gov.uk/report/impact-of-ai-on-cyber-threat