By Bryan Lares and Marla Rosner
On May 12th, a massive ransomware attack hit organizations in 99 countries, including 16 hospitals in the UK. The ransomware, named “WannaCry,” took advantage of a vulnerability in Windows systems that had not yet been updated with Microsoft’s March security patch.
This created a massive disruption in Britain’s healthcare system, as the ransomware scrambled hospital computer data, demanding payments between $300 and $600 to decrypt the files. Affected hospitals across the country were forced to turn all but the most critical patients away.
However, the same day WannaCry hit, SparkCognition’s artificial intelligence (AI) antimalware solution, DeepArmor, caught WannaCry without ever even training on it.
How and why did this attack happen? And perhaps more critically, why was DeepArmor yet again able to catch a new threat when so many security systems around the world could not?
The unfortunate truth is that this is only the latest in a long chain of onslaughts against hospitals. Healthcare is now the industry most attacked by cyberthreats[1], with international criminal organizations systematically developing and distributing ransomware designed to target healthcare.
Hospitals and other healthcare providers are not only highly valuable targets, but easy ones as well. Medical records have between 10 and 20 times the value of credit card data, and the traditionally lax security on medical devices make them all too easy to hack. Modern hospitals employ a dizzying array of sensors and monitors, averaging 10 to 15 connected devices per bed and over 5,000 beds. Every single one of these devices represents a vulnerability in a hospital’s security systems that can be exploited to gain access to the entire network.
Once they’ve seized control of a system, hackers will often demand a ransom to be paid in crypto currency or post compromised information on the dark web to the highest bidder. This is particularly dangerous for the healthcare industry, as while hackers are holding systems hostage, hospital patients are left without the critical devices and resources they need in order to stay alive. Ransomware in healthcare is not just a financial and security risk, but a genuine matter of life and death.
When it comes to ransomware, the traditional security model is broken, and a new approach is needed to keep up with the evolving threat landscape.
This is where AI comes in. Where traditional security systems cannot protect healthcare effectively, AI-powered endpoint protection can. As a cognitive endpoint protection solution, DeepArmor leverages the power of machine learning and natural language processing (NLP) algorithms to analyze the DNA of unknown files. In this way, it can detect malware before it can breach a system’s perimeter.
DeepArmor leveraged its kernel-level driver to freeze the execution of WannaCry, which was then analyzed and detected by DeepArmor’s cognitive detection engine. At that time, DeepArmor’s automated threat handling jumped into action, immediately quarantining the binary before it could be executed on the system. DeepArmor also immediately alerted both the user and the administrator of this new threat vector.
DeepArmor was able to identify and block WannaCry because it has trained on hundreds of thousands of clean and malicious binaries, allowing it to identify similarities between the characteristics of WannaCry and those of previous hacking techniques.
Artificial intelligence and machine learning aren’t just buzzwords—they are imperative to mitigating the massive risks associated with the ransomware crisis. With ransomware attacks growing bigger and bolder by the day, it may be time for the healthcare industry to start looking into new, more intelligent solutions to keep themselves and their patients safe.
[1] Jones, Olly. “Diagnosis Cyber: The Cyber Threats to Healthcare.” Security News Desk. 11 Nov. 2016.
