Machine learning could help companies react faster to ransomware

In a world where any self-respecting malware author makes sure that his creations bypass antivirus detection before releasing them, enterprise security teams are forced to focus on improving their response times to infections rather than trying to prevent them all, which is likely to be a losing game. Exabeam, a provider of user and entity behavior analytics, believes that machine-learning algorithms can significantly improve ransomware detection and reaction time, preventing such programs from spreading inside the network and affecting a larger number of systems. Because the decryption price asked by ransomware authors is calculated per system, isolating affected computers as soon as possible is critical. Only last week the University of Calgary announced that it paid 20,000 Canadian dollars (around US 15,600) to ransomware authors to get the decryption keys for multiple systems. Exabeam's Analytics for Ransomware, a new product that was announced today, uses the company's existing behavior analytics technology to detect ransomware infections shortly after they occur.