02 November 2018  —  Acronis

How Machine Learning Can be Used to Prevent Ransomware


Some say problems are just opportunities for creative solutions. For technically inclined individuals, this can mean writing a new computer program – or, for super complex problems, recruiting a little non-human help known as machine learning (ML) technology.

What is machine learning

Consider this: If you wanted a computer to recognize hand-written letters, it would be difficult to write a program given all of the handwriting variations. Even if you could account for these differences, developing the program itself might be too time-consuming or overly complicated.

With today’s machine learning technology, such a complication doesn’t mean “game over.” Rather, you can leverage this technology to solve the same problem in new situations by feeding it examples for analysis. These examples serve as reference points for correct letter identification. Essentially, the goal is to teach the computer to solve by example, or find common patterns – just as you might teach a young child to distinguish between a cat and a dog.

What makes machine learning different from artificial intelligence

ML is a field of study within artificial intelligence (AI) that harnesses the principles of computer science and statistics to create statistical models. These models are used to do two things:

  • Infer: Discover patterns in data
  • Predict: Make (highly accurate) projections about the future based on data about the past

The difference is one of focus: AI usually concentrates on programming computers to make decisions (based on ML models and logical sets of rules), whereas ML focuses more on making predictions about the future.

Machine learning helps tackle today’s data protection challenges

Today machine learning technology has numerous use-cases. In the data protection industry, a key application is fighting ransomware.

But let’s back up: What is ransomware?

You may recall hearing about the WannaCry ransomware in the news, as it was one of the first large, widespread attacks to capture media attention in recent years. WannaCry is just one strain of malware – or malicious software – that was introduced to computer systems (in that case, Microsoft Windows) and designed to block access to data until a ransom was paid.

Ransomware is the general term for such a cyberattack. Even if the ransom is paid, there’s no guarantee that your data will be restored. Meanwhile, for businesses that fall victim, the expenses incurred can range from costly data-retrieval efforts to lost business and reputational damage.

This quickly growing threat is particularly worrying because attacks today are sophisticated and expansive. Cybercriminals can now leverage ransomware-as-a-service kits, allowing inexperienced cybercriminals to deploy complex, undetectable attacks with ease – exponentially increasing the threat at hand.

Fortunately, ML’s advanced capabilities offer a bright light at the end of the cyber protection tunnel.  

How ML technology can protect data from ransomware

As noted above, the secret weapon ML wields is the power of prediction. This power is super-charged with access to more – and more refined – data points from which it can learn. Think of it like playing chess with the same partner over and over, and then doing the same with hundreds of other players. Over time you learn your opponents’ tendencies and can anticipate their next move. By drawing on the lessons learned from other opponents, you have more options to consider so you can adjust your own strategy accordingly.

In the case of machine learning and data protection, stack trace analysis is the foundation of the ML process. Consider this: as a program runs, it leaves a record of what happens at different points in time. By analyzing what happens at each stage, normal activity becomes clear and a reference model is created. In a ransomware attack, new code is injected into this process, and that code stands out readily against the reference model.

The strongest software solutions use ML that considers only the most popular reference points and excludes aberrations. This approach further refines the machine’s knowledge of good versus malicious code – not only increasing accuracy, but boosting software performance, as the machine learning model consumes much less data to run.
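A minimal sketch of the reference-model idea in the two paragraphs above, added here as an illustration and not Acronis code: it builds a baseline from the most frequent benign stack traces, drops rare ones, and flags a trace containing frames the baseline has never seen. The frame names, sample traces and the `min_share` threshold are constructed assumptions.

```python
from collections import Counter

# Constructed sample data: call stacks (outermost frame first) recorded when
# a hypothetical editor process writes a file during normal use.
SAVE = ("editor.exe!main", "editor.exe!save_document", "kernel32!WriteFile")
AUTOSAVE = ("editor.exe!main", "editor.exe!autosave", "kernel32!WriteFile")
RARE = ("editor.exe!main", "plugin.dll!export_pdf", "kernel32!WriteFile")
BENIGN_TRACES = [SAVE] * 6 + [AUTOSAVE] * 3 + [RARE] * 1

# Constructed trace of a write issued from code that is not part of the
# program's usual modules (the "new code injected into the process" case).
INJECTED = ("editor.exe!main", "unbacked_memory!0x1f0000",
            "advapi32!CryptEncrypt", "kernel32!WriteFile")


def build_reference(traces, min_share=0.2):
    """Return the set of stack signatures that each account for at least
    min_share of all benign observations; rarer ones are excluded."""
    counts = Counter(tuple(t) for t in traces)
    total = sum(counts.values())
    return {sig for sig, n in counts.items() if n / total >= min_share}


def classify(trace, reference):
    """Compare one observed trace with the reference model.

    Returns (verdict, unknown_frames):
      normal     - the exact call path is in the reference model
      unusual    - known frames in an order the model has not seen
      suspicious - at least one frame the model has never seen
    """
    if tuple(trace) in reference:
        return "normal", []
    known = {frame for sig in reference for frame in sig}
    unknown = [frame for frame in trace if frame not in known]
    return ("suspicious" if unknown else "unusual"), unknown


if __name__ == "__main__":
    model = build_reference(BENIGN_TRACES)
    for name, trace in [("save", SAVE), ("rare", RARE), ("injected", INJECTED)]:
        print(name, classify(trace, model))
```

In this sketch the pruned rare path is also reported as suspicious, so the threshold trades a smaller model against false positives on legitimate but uncommon behavior.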

Why backup solutions need built-in active protection from malware

With an ever-evolving threat like ransomware, it’s not enough to have traditional anti-virus software in place, which solely defends against known threats. Active protection must be integrated into your backup solution to effectively defend against evolving strains of malware, also known as zero-day threats.

Pro Tip: Find a backup solution with an auto-restore feature. This technology is essential to recover any data that may have been impacted prior to detection, quickly retrieving that data from the most recent backups or cache.

The value in self-protection technology and defending your system’s “borders”

There’s a reason walls were built in ancient times: to keep the unknown out and ensure the gatekeeper’s advantage. In times of cyberwarfare, walls need to be constructed around IT infrastructure.

Why is that? Cybercriminals quickly realized that their targets could avoid disaster by having access to backup files. This meant attackers needed to change their approach by infecting backups (in addition to files) with ransomware.

Today, with the right solution, you can retain control of your data and keep danger at bay – from servers to endpoints – by actively protecting your borders (i.e. backup software). With the help of ML-enabled software, self-protection is possible again.

For the most secure backup, your software checklist should include:

  • Constant monitoring for malicious activity
  • Active detection for never-before-seen ransomware strains
  • Immediate blocking of questionable behavior
  • Automatic recovery of damaged files

Better still, each of these capabilities should be in place to protect your network shares as well as external drives and removable devices, like USB flash drives, external USB hard disk drives, memory cards and even photo, video and other media devices that could be mounted as a volume.

What happens to one piece of hardware can be a domino effect for the entire organization. However, you can harden your defenses inside and out by enabling active protection at each opportunity.

Final Thought

While the threat of ransomware is ever-evolving, machine learning technology is too. Acronis Active Protection leverages the latest technology to deliver advanced protection against ransomware on all fronts – from external drives and removable devices to mobile devices, desktops and laptops, servers, networks and backups. Integrated into Acronis solutions like Acronis Backup and Acronis Cyber Cloud, it’s possible for small businesses and service providers alike to rest assured ransomware has no business at theirs.

About Acronis

A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect Cloud is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.