SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Major technology manufacturer stops ransomware attack with AI
Thu, 3rd Mar 2022
FYI, this story is more than a year old

Cybersecurity AI company Darktrace has announced that one of its customers successfully interrupted a Babuk ransomware attack with Darktrace's Autonomous Response technology, Antigena.

The multinational technology manufacturer, with headquarters in the Asia Pacific region, designs and manufactures technology solutions that facilitate the adoption of smart medical devices and electric and autonomous vehicles.

Darktrace says the organisation was using its detect, respond and investigate capabilities. The self-learning AI forms a constantly evolving understanding of the company's IT and operational technologies, allowing it to identify the subtle, emerging signs of cyber-threats in real-time.

Darktrace AI detected that a device within the business was behaving abnormally; it was performing network scanning and making unusual connections with other internal devices. The AI noted that this behaviour was out-of-the-ordinary and also malicious.

The algorithms then calculated the best action needed to autonomously contain the in-progress attack and block the infected device from making further connections while allowing normal business operations to continue both in the office and on the manufacturing floor.

These algorithms work by enforcing the normal life patterns for compromised users and devices. Darktrace says this targeted response is possible because of the AI's continually evolving understanding of what normal looks like at a granular level for each part of the company's digital ecosystem.

The AI found in its post-compromise analysis that the device was attempting to distribute files involving babyk ransomware extensions.

The double-extortion ransomware threat, Babuk, was discovered in 2021. It's a sophisticated campaign that has actively targeted high-value organisations globally. Operators have inflicted damage by encrypting files and crippling systems, and threatening to leak sensitive data if ransom payment is not received.

The attempted attack comes after warnings from government agencies about a global rise in cyber-threats, particularly those targeting critical infrastructure and organisations embedded in global supply chains.

"Ransomware attacks are effective ways for nation-states to carry out espionage, disrupt society and flex their muscles on a global stage," says Darktrace global head of Threat Analysis, Toby Lewis.

"The Babuk ransomware began its life as a Ransomware-as-a-Service (RaaS) tool, but since its source code was leaked in July, it has been adopted by several cyber-criminal groups to be used in different ways," he says.

"These attacks often strike out of hours, and so it has never been more important that the defenders of critical infrastructure use artificial intelligence to allow their organisations to self-defend against advanced threats."

Darktrace has over 6,500 customers worldwide. The company's approach applies self-learning AI to enable machines to understand the business to defend it autonomously. Headquartered in Cambridge, UK, Darktrace has 1,700 employees and over 30 offices worldwide.