Ransomware was the top issue on many people’s minds during Infosec Europe and now Cardiff University is deploying an AI to help us understand how hackers target big events – and do something about it.
‘Drive-by downloads’ of ransomware can be triggered simply by clicking on what you think is just an embarrassingly intriguing clickbait article.
Moments later, a pretty standard warning sign will flash up letting you know you’ve been done and ordering you to pay up pretty quickly in bitcoin, or your files are lost forever. Your computer can even become enlisted in a wider zombie network designed to spread viruses further.
To try to combat this, researchers from Cardiff University’s School of Computer Sciences and Informatics have been training up a computer to trawl through tweets and identify malicious code behaviour in a URL.
Many anti-virus packages rely on keeping a database of the underlying signature of known malware and matching new threats against ones already seen. Trouble is, upwards of 200,000 new pieces of ransomware are appearing every day, many with superficial changes to disguise them from anti-virus programs.
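To make the signature-database problem concrete, here is a small added example (not code from the article or from the Cardiff team): a constructed stand-in for a known sample, a "repacked" variant that differs only cosmetically, and a benign file. An exact SHA-256 signature stops matching after a one-byte build-tag change and some trailing padding, while a byte n-gram similarity fingerprint still links the variant to the family. The family name, sample contents and contact placeholder are all hypothetical.

```python
import hashlib
from typing import Dict, Optional, Set, Tuple

# Constructed sample bytes standing in for a ransomware binary (hypothetical
# family); written as readable text so the demo is clear, not real malware.
KNOWN_SAMPLE = (
    b"MZ\x90\x00 HYPOTHETICAL-LOCKER build=4f21 "
    b"enumerate drives; walk user directories; encrypt *.docx *.xlsx *.jpg "
    b"with a per-victim key; write HOW_TO_RECOVER.txt; display ransom note; "
    b"demand payment in bitcoin within 72 hours; contact: <placeholder-address>"
)
# The same code with two superficial changes: a bumped build tag and padding.
REPACKED_VARIANT = (
    KNOWN_SAMPLE.replace(b"build=4f21", b"build=4f22")
    + b"\x17\x42\xa9\x00\x00\xde\xad\x01"
)
# Unrelated benign file, constructed for contrast.
BENIGN_FILE = (
    b"Quarterly sales report: revenue grew 4% year on year across all "
    b"regions. See appendix for figures."
)

FAMILY = "Hypothetical.Ransom.Locker"  # hypothetical detection name


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Classic signature database: exact hash -> detection name.
SIGNATURE_DB: Dict[str, str] = {sha256_hex(KNOWN_SAMPLE): FAMILY}


def signature_match(data: bytes) -> Optional[str]:
    """Exact-hash lookup: any byte changed anywhere defeats it."""
    return SIGNATURE_DB.get(sha256_hex(data))


def byte_ngrams(data: bytes, n: int = 4) -> Set[bytes]:
    """Set of overlapping n-byte substrings used as a structural fingerprint."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def jaccard(a: Set[bytes], b: Set[bytes]) -> float:
    union = a | b
    return len(a & b) / len(union) if union else 0.0


# Fingerprint database: family name -> n-gram set of a known sample.
FINGERPRINT_DB: Dict[str, Set[bytes]] = {FAMILY: byte_ngrams(KNOWN_SAMPLE)}


def similarity_match(data: bytes, threshold: float = 0.8) -> Tuple[Optional[str], float]:
    """Return (family, score) if the closest fingerprint clears the threshold,
    otherwise (None, best_score). Cosmetic edits only move a few n-grams, so
    the score stays high; an unrelated file shares almost none."""
    grams = byte_ngrams(data)
    best_name, best_score = None, 0.0
    for name, fingerprint in FINGERPRINT_DB.items():
        score = jaccard(grams, fingerprint)
        if score > best_score:
            best_name, best_score = name, score
    if best_score >= threshold:
        return best_name, best_score
    return None, best_score


if __name__ == "__main__":
    for label, blob in (("known", KNOWN_SAMPLE), ("variant", REPACKED_VARIANT), ("benign", BENIGN_FILE)):
        print(label, "signature:", signature_match(blob), "similarity:", similarity_match(blob))
```

The n-gram fingerprint is deliberately simple; production engines use richer features, but the contrast is the point: exact signatures need one entry per variant, whereas a fingerprint that tolerates small edits catches the repacked file without a new database entry.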
Having done early testing around the Cricket World Cup and the Super Bowl, the team is now deploying its technology during Euro 2016.
They say it can currently spot a socially-driven attack within 30 seconds of it happening, with 89 per cent accuracy. But it’s hoped that this can be developed into a real-time, pre-warning system to stop people clicking malicious links in the first place.
Speaking to Travis Smith, senior security research engineer at threat analysis specialist Tripwire, it’s clear we’re still at the prevention, rather than cure, stage of ransomware.
“Ransomware uses advanced encryption that would take a supercomputer years to decrypt. There’s a higher success rate with end consumers but the value of targeting enterprises is obviously much larger.”
He says that if the ransom warning is ignored, many ransomware pedlars will simply move on, but that obviously doesn’t help you get your files back.
His advice is backup, backup, backup. “Not a lot of companies do this and even those that do don’t do it right. We tell people to keep backups on three different mediums, in two separate locations and do it every day.”
That’s not exactly feasible for a normal user, but it helps to be wary of clicking links from untrusted sources, particularly as attackers are getting ever better at faking it.