Updated 16/05/17 10:26
Darktrace revealed today that a number of its customers, including an NHS Trust, successfully detected and contained the WannaCry ransomware attack on their networks on Friday. The company’s artificial intelligence (AI) technology – integrated into the various organisations cyber defence strategies – spotted the threat within minutes and contained it.
The WannaCry malware attack is unprecedented in scale and has affected over 200,000 devices across 150 countries according to Europol, including the UK’s National Health Service, Spain’s Telefonica and FedEx in the US.
>See also: The cyber threat landscape is looking more and more dangerous
Spread by a pernicious email attachment and supercharged by a worm, the stealthy malware encrypts files, with cyber criminals demanding ransom before users can regain access to their data. Traditional security tools that use rules and signatures to stop cyber-threats at the border fell short in the face of this never-seen-before and fast-spreading malware.
Unlike the old attempts to keep malware at bay, Darktrace’s Enterprise Immune System embodies a ‘pioneering, machine-learning technology capable of detecting and fighting back against stealthy ‘unknown unknowns’, such as WannaCry, automatically and in real time’.
It was modelled after the most powerful biological system, the human immune system. The disruptive technology leverages advances in mathematics and machine learning to learn the normal ‘pattern of life’ of every user and device on a network.
‘Antigena’ – its automatic response technology – acts as a digital antibody, taking proportionate and remedial action to neutralise emerging threats. For example, it can slow down or stop a compromised connection or device, but does not impact normal business operations.
>See also: Cyber crime: an unprecedented threat to society?
Darktrace’s AI technology alerted its affected customers as soon as the first signs of WannaCry emerged on their networks and as the malware was attempting to spread laterally across the respective organisations. The infection was successfully contained before it had inflicted any damage, proving the fundamental power of using AI as part of any cyber defence strategy.
“At Darktrace we catch and contain ransomware every week,” commented Nicole Eagan, CEO at Darktrace. “WannaCry bypassed traditional security defences proving them futile in this new era of cyber warfare. Security teams cannot face this challenge without the right tools in place. Darktrace’s Enterprise Immune System is a true manifestation of AI in action: detecting and stopping threats before the human teams have even had time to notice.”
How to stop it
Like most ransomware, WannaCry was missed by traditional anti-virus solutions, but there is nothing inherently unique about its encryption and extortion techniques.
Over the weekend, the team at CyberArk Labs investigated the WannaCry ransomware strain, broke down the attack vectors, and analysed how it compares to other recent ransomware attacks.
Stopping it – and other ransomware – involves implementing a combination of least privilege and application control policies on endpoints and servers throughout the organisation. In this way, all unknown applications are treated as potentially suspicious and information is protected accordingly. When tested in the CyberArk Lab, this combined approach (a combination of least privilege and application greylisting) proved 100% effective in preventing infection and dozens of other ransomware families from encrypting files.
The UK’s largest conference for tech leadership, Tech Leaders Summit, returns in September with 40+ top execs signed up to speak about the challenges and opportunities surrounding the most disruptive innovations facing the enterprise today. Secure your place at this prestigious summit by registering here