Long gone are the days when you actually had to have a captive individual in order to demand a ransom. Nowadays that would be very uncommon, as much more often it is digital property rather than a person that’s been captured, and the takers are looking to get paid if that property is to be released. We’ve gone on here at some length about how costly it can be for some companies when they choose to be lax about cybersecurity, and especially nowadays. The age-old dance with all of this remains the same - security improves, threats evolve, security improves to counter those evolutions, and then threats evolve again.
And of course it’s the bigger fish that need to be concerned about frying. If you’re on the smaller side of the scale when it comes to running a business you probably won’t get targeted, but there’s still no guarantee you won’t be. We don’t claim to be web security experts, but here at 4GoodHosting we’re like any good Canadian web hosting provider in that we can point you in the direction of one of them if that’s what you need. We do have an understanding of the basics on the subject, and that’s part of the reason why we’re fairly keen to share any news related to it here, especially when it means even better ways of avoiding a ransom situation.
So what is newsworthy here is a new technology that is in the process of proving itself to be MUCH faster at identifying ransomware attacks and detecting them early enough that countermeasures can be implemented - something that will be part of a complete cybersecurity plan, which is a must for any business of sufficient size that there’s potentially serious loss if data is accessed and then taken for ransom.
Malware Meeting Match?
A new approach for implementing ransomware detection techniques has been developed by researchers, and the appeal of it is that it is able to detect a broad range of ransomware far more quickly than previous systems. We will at this point assume we don’t need to provide much of an explanation about what ransomware is, but if we do: it is a type of malware, and when ransomware infiltrates a system it encrypts that system's data, which becomes immediately inaccessible to users.
What follows next are the demands; the people responsible for the ransomware make it clear to the system's operators that if they want access to their own data they had better be sending money. And this type of digital threat has already proved plenty expensive. The FBI says they received 3,729 ransomware complaints in 2021 and the amount paid out in ransom is around $49 million. That’s a lot of money, and it makes clear why the attackers are going to the lengths they are to improve on the sneakiness of their ransomware before putting it out there.
We do know that computing systems already make use of a variety of security tools that monitor incoming traffic with an eye to detecting potential malware and preventing it from breaching the system. New ransomware detection approaches are being evaluated all the time by many different interest groups and developers. A lot of it is very effective IF it can be implemented in a timely way.
The challenge here is detecting ransomware quickly enough to prevent it from fully establishing itself in the system. File encryption begins as soon as ransomware enters the system, so if countermeasures can be alerted that it’s time to go, that is going to be very beneficial.
FAXID Pairs with XGBoost
What’s getting buzz these days, and why we are on this topic, is a machine-learning algorithm called XGBoost. It has been proven effective for detecting ransomware for some time, but up until now, when systems run XGBoost as software through a CPU or GPU, it doesn’t run quickly enough. Add to that, attempts to incorporate XGBoost into hardware systems haven’t gone as well as hoped because of a lack of flexibility.
By focusing on very specific challenges, those hardware systems find it difficult or impossible to stay on top of the entirety of ransomware attack types and to identify them as soon as needed.
But this new FAXID technology is a hardware-based approach that allows XGBoost to monitor for a wide range of ransomware attacks, and to do so much more quickly than the existing software approaches.
Not only is FAXID just as accurate as software-based approaches at detecting ransomware, but it did so drastically faster. FAXID was up to 65.8x faster than software running XGBoost on a CPU and up to 5.3x faster than software running XGBoost on a GPU.
FAXID is also getting high marks for the way it allows problems to be run in parallel: the security hardware's computing power can be divided, with some amount of the hardware devoted to ransomware detection and another percentage devoted to another challenge, like fraud detection or some other identified threat that may be present at the same time.
This has a lot of potential for cybersecurity as a whole, given the current atmosphere where ransomware attacks are becoming much more sophisticated. People in business should be thankful these types of advances are being made, as they may spare them quite the expensive headache in the future.