Abstract
Modern ransomware doesn't encrypt files randomly and doesn't always demand a ransom in the traditional sense. It's targeted, patient, and increasingly focused on resources that are the hardest to recreate. Such weak points can include training datasets, model checkpoints, and painstakingly labeled datasets.
Furthermore, does ransomware need an incredibly complex architecture? Perhaps, if it wants to be "successful," but not necessarily. The attack surface of data storage is so large that even the most unsophisticated malware components will sooner or later cause significant damage. It's only a matter of time.
For enterprises using AI, this can be especially painful. For example, the loss of current or operational files is always a problem, but the loss of model weights or a labeled dataset can set back development by a step or two.
Anatomy of Modern Attacks
Sophisticated ransomware spends weeks in the target environment before initiating encryption. It maps the storage topology, studies access patterns, identifies the location of backups and snapshots, and interferes with the backup schedule. By the time the ransomware is launched, engineers facing the offline target infrastructure discover that the backups are no longer available or have already been encrypted.
Detecting the malware component before its "active phase" was once considered the most effective defense. However, this method has not kept pace with the evolution of ransomware techniques and architecture. Currently, the most reliable way to prevent attacks is immutability at the object, snapshot, and backup level.
WORM (Write Once, Read Many) object locking solves this problem at the data storage level. An object locked in compliance mode cannot be deleted or overwritten by anyone, including storage administrators, for a preset period. Neither ransomware nor a compromised data provider account will be able to do this.
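As an added example (not code from the original post or from Vivaxdata), the audit below checks a storage inventory for objects that are not actually immutable. It assumes S3-style Object Lock metadata (`ObjectLockMode`, `ObjectLockRetainUntilDate`) and a 30-day minimum retention chosen to outlast the weeks of dwell time described above; the keys and dates are constructed.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample inventory. Field names follow the S3-style HeadObject
# response (an assumption; the post does not name a storage API).
NOW = datetime(2025, 1, 10, tzinfo=timezone.utc)
MIN_RETENTION = timedelta(days=30)  # assumed policy: outlast attacker dwell time
INVENTORY = [
    {"Key": "checkpoints/model-0042.pt", "ObjectLockMode": "COMPLIANCE",
     "ObjectLockRetainUntilDate": NOW + timedelta(days=45)},
    {"Key": "datasets/labels-v3.parquet", "ObjectLockMode": "GOVERNANCE",
     "ObjectLockRetainUntilDate": NOW + timedelta(days=45)},
    {"Key": "backups/db-2025-01-09.tar", "ObjectLockMode": "COMPLIANCE",
     "ObjectLockRetainUntilDate": NOW + timedelta(days=3)},
    {"Key": "backups/db-2025-01-08.tar"},  # never locked
]

def audit_immutability(objects, now, min_retention):
    """Return {key: reason} for objects a privileged account could still destroy."""
    findings = {}
    for obj in objects:
        key = obj["Key"]
        mode = obj.get("ObjectLockMode")
        until = obj.get("ObjectLockRetainUntilDate")
        if mode is None or until is None:
            findings[key] = "no object lock"
        elif mode != "COMPLIANCE":
            # Governance-style locks can be lifted by a principal that holds
            # the bypass permission, so a compromised admin defeats them.
            findings[key] = f"mode {mode} is bypassable by privileged accounts"
        elif until <= now:
            findings[key] = "lock already expired"
        elif until - now < min_retention:
            findings[key] = f"lock expires in {(until - now).days} days"
    return findings

if __name__ == "__main__":
    for key, reason in audit_immutability(INVENTORY, NOW, MIN_RETENTION).items():
        print(f"UNPROTECTED {key}: {reason}")
```

Only the checkpoint locked in compliance mode for 45 days passes; the other three objects are reported.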
Should we be worried?!
It depends on a ton of factors. For example, it's easy to imagine an environment in which irreversible data loss or constantly re-rolling backups would be much cheaper financially than building a secure protection infrastructure, but this is the exception. In the vast majority of cases, businesses cannot tolerate these types of attacks. That leaves one option: fully secure, protected data storage. We're building this kind of storage at Vivaxdata.
Finally, to answer the question "is this a pandemic?": we don't think so, at least not yet. Looking at report statistics, for example at https://www.ransomware.live/, you can see a significant increase in the number of companies compromised and attacked. The situation isn't catastrophic at the moment, but it's becoming more acute.