Leveraging Machine Learning to Combat Ransomware

It’s every enterprise’s nightmare. You’re hit by Ransomware and your data is encrypted. The business doesn’t just grind to a halt, it hits a wall.

What would you do?

Sure, you could pay the fine.  And, figures show that the majority of companies actually do that. Some of them even get their data back, but that’s a roll of the dice we should increasingly not be making.

Last year, over 5 PB of Hadoop and NoSQL data were compromised by Ransomware attacks, showing that data loss is a major threat. Then there’s the downtime, the compliance failure, and the loss of vital business logic and data analysis, and with it the strategy for the company. Rebuilding the data is a titanic task, and it may need to be done multiple times; in the hacker mentality, paying the fine marks certain firms as weak targets, and they are hit time and again.

A Deadly New Ransomware Threat

As if that weren’t costly enough, the emergence of a new type of Ransomware makes the decision of whether or not to pay the fine redundant.

Cisco’s Talos security group has just discovered Thanatos. In Greek mythology, appropriately, Thanatos is the personification of death. Just like other Ransomware variants, it encrypts data. You may decide to pay the fine, but what makes Thanatos so deadly is that, whatever the bad actors intend to do after receiving payment, they are technically unable to decrypt the data.

Reportedly, a flaw in the malware (intentional or not) means that even the attackers themselves are unable to ‘get the data back,’ let alone the enterprise.  Given Thanatos is the first of its kind, we can expect numerous variants to spread, increasing the odds of companies permanently losing their data. But even if your organization is capable of early detection and protection, yet another new development is set to slip Ransomware under the radar.

Instead of immediately setting out to encrypt as much data as rapidly as possible, new malware aims to do the opposite. These advanced persistent threats sit quietly, unnoticed by data professionals who are used to seeing large amounts of data encrypted and relatively big anomalies; in a way, it’s easy to miss something under the carpet. But by the time they do notice, the rot has set in.

The Role of Machine Learning in Combating Ransomware

Detecting potential data loss events early can be the difference between continuous operation and severe disruption or organizational failure. As the incidence of threats like Ransomware grows and Big Data platforms become more prevalent, identifying potentially dangerous activity has become critical. That’s why machine learning sits at the core of Imanis Data’s strategy. We believe that at a time when Ransomware is just one of the threats to data availability and integrity, automation is the key to addressing these challenges.

Specifically, our ThreatSense™ capability provides a critical layer of protection against things like Ransomware and other malicious attacks to help secure Big Data environments. As shown below, ThreatSense™ leverages machine learning to minimize Ransomware incidence by using the unique data characteristics of our customers’ own data as ‘training data’ to learn what normal backup patterns look like. With the machine learning engine aware of what ‘normal’ is, we are able through fine-grained analysis to flag anomalies, shouldering the heavy lifting for teams but more importantly, spotting things that they just can’t. We are even able to provide predictive analysis of potential threats before they emerge.
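The idea of learning a baseline from a customer's own backups and flagging deviations can be sketched as follows. This is an added example, not Imanis Data's code or ThreatSense's algorithm; the per-backup metric (fraction of data changed since the previous backup), the thresholds and the sample values are all assumptions constructed for illustration. It pairs a per-backup check, which catches burst encryption, with a cumulative-sum (CUSUM) check, which catches the slow, quiet encryption described earlier.

```python
from statistics import median

# Constructed sample data: fraction of data changed between daily backups.
BASELINE = [0.045, 0.050, 0.055, 0.0475, 0.0525] * 6   # 30 "normal" days
BURST = BASELINE[:5] + [0.60] + BASELINE[:3]            # one loud day
SLOW = BASELINE[:5] + [0.060] * 10                      # small sustained rise


def detect(baseline, stream, z_point=4.0, slack=1.0, h=8.0):
    """Return (day, kind) alerts for a stream of per-backup change fractions.

    baseline : metric values from backups known to be normal (training data)
    z_point  : robust z-score above which a single backup is a 'burst'
    slack, h : CUSUM allowance per day and alarm threshold for 'drift'
    """
    med = median(baseline)
    # Median absolute deviation, scaled to be comparable to a std deviation.
    mad = median([abs(x - med) for x in baseline])
    sigma = max(1.4826 * mad, 1e-9)   # floor avoids division by zero

    alerts, cusum = [], 0.0
    for day, x in enumerate(stream):
        z = (x - med) / sigma
        # Accumulate only the excess above the allowed slack; never below 0.
        cusum = max(0.0, cusum + z - slack)
        if z > z_point:
            alerts.append((day, "burst"))
            cusum = 0.0
        elif cusum > h:
            alerts.append((day, "drift"))
            cusum = 0.0               # restart accumulation after alerting
    return alerts


if __name__ == "__main__":
    for name, stream in (("normal", BASELINE), ("burst", BURST), ("slow", SLOW)):
        print(name, detect(BASELINE, stream))
```

In the slow scenario no single backup crosses the per-backup threshold, so only the cumulative check raises an alert.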

It is inevitable that best practice data management solutions will not rely on human input and interaction to make decisions. ThreatSense™ is just the first of many examples of how machine learning can and will help customers. Future use cases include:

  • Optimizing backup/restore performance – including determining best times to back up data, frequency of data backups, number of parallel backup/recovery streams, etc. in order to meet RPO and RTO needs
  • Cybersecurity – including detecting and recommending corrective action against data pattern anomalies created by Ransomware attacks
  • Optimizing storage usage – by determining data usage patterns and making decisions regarding data placement.

Using environmental data to address these challenges is the future of data management. That is what Imanis Data is doing: leveraging machine learning to build sophisticated data models and driving data management activity from the top using customers’ RPO, RTO, and compliance objectives. It’s all part of our overall strategy to provide data protection, orchestration, and automation in order to help organizations reduce risk and cost, ensure compliance, and get the most from their Big Data assets.

To learn more, please watch our webinar showcasing the role of machine learning in combatting Ransomware.

In future blogs, we’ll look at the role of machine learning in additional use-cases.
