Getting ahead of the surging wave of GenAI-powered ransomware

For businesses today, they must holistically reevaluate how they look at GenAI, how it impacts people and process and how best to integrate it into their operations to prepare for known and unknown threats looming on the horizon.

GenAI and ransomware today

GenAI and other AI software’s analytical capabilities and operating speeds have given bad actors the potential to generate a plethora of malware programs in rapid timeframes. These never before seen, unique viruses, also known as “zero-day exploits” are not recognised instantly by cyber defenders and anti-malware software and are becoming more commonplace in ransomware attacks.

A significant development in the evolution of ransomware has also been the ransomware as a service (RaaS) business model. As the name suggests, these are groups of people that sell ransomware to other bad actors who do not wish to or cannot develop their own. If you keep in mind the growing ease of generating unique malware, we can be looking at a rapid increase in new malware programs which will be more difficult for basic endpoint detection software to keep up with.

See also: 80% of AI projects are projected to fail. Here's how it doesn't have to be this way

Ransomware attackers are no longer purely after data, but rather they aim to shut down or compromise the operations of a company which will force boards to respond to their demands. Supply Chain, utilities, manufacturing and logistics are historically enterprises that have underinvested in cyber. Ransomware attackers are taking note of these gaps and exploiting these existing vulnerabilities.

As companies around the world move towards increased digitalisation and more sensitive data than ever is stored on the cloud, these trends are especially worrying. For modern businesses, the next critical step is to look beyond perimeter protection and look within.

Fighting fire with fire

See also: Responsible AI starts with transparency

The solution lies in the threat itself: GenAI. Companies can utilise the software itself to minimise the window of opportunity that bad actors have when attempting to gain access to their internal networks, and even stop them in their tracks. In order to reap the full advantages of having an AI-assisted cybersecurity team, we must first take a closer look at how we are integrating AI into our cyber work.

Corporations should firstly look to adopting an “AI for Cyber” approach where they implement AI solutions in their own cyber defences. Much like how the software is used as a tool for creating new malware, it can also improve the accuracy of malware detection, improve how we manage access to business assets and automate cyber defences to operate at line speeds.

For instance, machine learning and deep learning programmes that rely on statistical analysis can oftentimes help companies pre-empt zero-day exploits from gaining a foothold in their network or systems. By establishing and “learning” the elements of normal activity in a company network, the programs are better at detecting abnormal or out of the ordinary activity and weeding out intrusions in real time.

Alongside the “AI for Cyber” approach, businesses must also roll out “Cyber for AI”. As businesses become more reliant on AI to drive their primary lines of businesses, the number of potential targets for ransomware attacks grows. There will be new risks associated with the usage of AI and businesses should take active steps to mitigate these new cyber risks. This includes incorporating safe AI usage guidance within the business cyber framework and ensuring that data policies and technical controls are updated to account for the business use of AI.

A business that attempts to build resilience by ensuring that its data has been securely backed up, in immutable form, is a great example of one that is implementing resilience. In the event of a successful ransomware attack, the sensitive information can be retrieved safely and quickly, provided systems are backing up on a regular business. This will minimise business downtime while the threat is dealt with and reduce the net harm from a business and data perspective from the incident.

Building up resilience against ransomware attacks cannot stop there, however. Businesses must ensure they also incorporate other defence measures, such as investing in Business Continuity/Disaster recovery planning for cyberattack scenarios and running tabletop simulations of cyber-attacks for staff to know what steps to take in the event that data is compromised.

Privileged identities within an organisation – those that have database administrator access and advanced permissions – must also be managed very carefully since they are usually the ones to be targeted in sophisticated attacks. This requires a combination of not just software protection, but also employee awareness of the newer iterations of phishing and spear phishing scams that they might come across.

Phishing emails, which used to be synonymous with bad grammar and badly created graphics, are no longer as clumsy partially thanks to GenAI’s content creation capabilities. This means we must be more vigilant now than ever about how we interact with emails from addresses we do not recognise and update data security training for internal stakeholders to ensure that everyone is aware of the newer tactics and strategies being used by ransomware attackers.

In the world of cyber security, it is clear that prevention is better than cure. To truly defend ourselves against these up-and-coming threats, we must invest in our own Gen AI capabilities and AI software to create a more robust cyber defence while also having more advanced recovery protocols in place.

Jeremy Pizzala is the EY Asia-Pacific Cybersecurity Consulting Leader and Steve Lam is the EY Asean Cybersecurity Leader. The views reflected in this article are the views of the authors and do not necessarily reflect the views of the global EY organisation or its member firms.