Machine learning could help companies react faster to ransomware

File-encrypting ransomware programs have become one of the biggest threats to corporate networks worldwide and are constantly evolving by adding increasingly sophisticated detection-evasion and propagation techniques. In a world where any self-respecting malware author makes sure that his creations bypass antivirus detection before releasing them, enterprise security teams are forced to focus on improving their response times to infections rather than trying to prevent them all, which is likely to be a losing game. Exabeam, a provider of user and entity behavior analytics, believes that machine-learning algorithms can significantly improve ransomware detection and reaction time, preventing such programs from spreading inside the network and affecting a larger number of systems. Because the decryption price asked by ransomware authors is calculated per system, isolating affected computers as soon as possible is critical. Only last week the University of Calgary announced that it paid 20,000 Canadian dollars (around US 15,600) to ransomware authors to get the decryption keys for multiple systems.