How Microsoft's AI spots ransomware attacks before they even get started

Image: Shutterstock

Microsoft has revealed how artificial intelligence (AI) technologies are used in the fight against ransomware. 

Ransomware is one of today’s most prolific and vicious digital threats. Ransomware families including Locky, WannaCry, NotPetya, and Cerber plague consumers and businesses alike, locking up infected systems and demanding payment in return for decryption keys, which may or may not return access to encrypted files. 

Ransomware as a service (RaaS) is also now a standalone and popular criminal business. Operators can purchase access to ransomware for use in their campaigns, whether they are targeting the general public en masse or going after ‘Big Game‘ enterprise companies. 

SEE: Ransomware attacks: This is the data that cyber criminals really want to steal

According to Microsoft’s 365 Defender Research Team, human-operated ransomware campaigns are complex and multi-faceted, which can make early detection very difficult to achieve – especially as the campaigns continue to evolve.

In a blog post on Tuesday, the tech giant said it was exploring “novel ways” to harness AI in the face of an “increasingly complex threat landscape.”

Microsoft is focused on disrupting the earliest stages of a ransomware attack with AI enhancements for Microsoft Defender for Endpoint. In what the company calls “early incrimination,”

Read More: