Ransomware attacks are becoming increasingly common globally, including in Israel. The recent attack on the Mayanei Hayeshua hospital did not come as a surprise to Bobi Gilburd, Chief Innovation Officer at Team8 and former commander of the 8200 unit’s Cyber Center. Gilburd explains that the key difference lies in an organization’s response and recovery. While some businesses are severely impacted and may even be forced to close, others are able to recover swiftly.
According to Gilburd, ransomware attacks are on the rise, in part due to the introduction of generative artificial intelligence. He emphasizes that the answer to AI-driven attacks is AI itself. Gilburd encourages the use of AI-enhanced security products to counter evolving threats.
Ransomware attacks are widespread globally and are not specifically targeted at certain institutions. Attackers use malware to scan thousands of websites for vulnerabilities. While most attempts may fail, a small percentage may succeed. When conducted on a large scale, these attacks can affect numerous sites.
The attacks often start with phishing, where employees are tricked into opening malicious emails or visiting malicious websites. Education can help prevent such attacks by teaching people how to identify unusual elements in emails. Automatic tools can also block such emails at the corporate level.
If an employee falls victim to a phishing attack, automatic protection products play a role in detecting unusual domain requests and halting the attack. However, in some cases, these defense mechanisms may fail due to outdated or insufficiently powerful products or the exploitation of zero-day vulnerabilities.
When the attack successfully infiltrates the network, protection products within the network should prevent movement between computers and unauthorized access. In the case of Mayanei Hayeshua, this defense mechanism appears to have failed, allowing the attack to spread widely.
Once the attack is noticed, affected computers become unresponsive, and the ransomware spreads from one computer to another, encrypting databases. This process can take hours, providing an opportunity to halt the attack by shutting down the server and disconnecting it.
In some cases, ransomware attackers may also threaten to disclose data. In such situations, AI systems should be able to detect anomalies, such as a sudden increase in data volume, and take appropriate action. However, there may be instances where these systems fail, as seen in the ransomware attack on the Shirbit insurance company.
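The data-volume check described above, sketched as an added example that is not part of the original article or of any product it mentions: a per-host baseline built from the median and MAD, used here as a simple statistical stand-in for the AI-based detection the article refers to. Reading "data volume" as daily outbound bytes is an assumption, and the thresholds, host names and sample traffic are constructed.

```python
from statistics import median

MIN_HISTORY = 7            # assumed: days of baseline needed before alerting
THRESHOLD = 6.0            # assumed: robust z-score that counts as a spike
MIN_BYTES = 500 * 2**20    # assumed: ignore days below 500 MiB to cut noise


def robust_z(history, value):
    """Modified z-score of value against history, using median and MAD."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # A perfectly flat baseline gives MAD 0; fall back to 1% of the median.
    scale = 1.4826 * mad if mad else max(0.01 * med, 1.0)
    return (value - med) / scale


def find_egress_spikes(records):
    """records: (day, host, bytes_out) tuples sorted by day.
    Returns [(day, host, bytes_out, score)] for days far above the host's baseline."""
    history, alerts = {}, []
    for day, host, bytes_out in records:
        past = history.setdefault(host, [])
        if len(past) >= MIN_HISTORY and bytes_out >= MIN_BYTES:
            score = robust_z(past, bytes_out)
            if score >= THRESHOLD:
                alerts.append((day, host, bytes_out, round(score, 1)))
                continue  # keep the spike out of the baseline
        past.append(bytes_out)
    return alerts


# Constructed sample: daily outbound MiB per host (hypothetical host names).
MIB = 2**20
SAMPLE = [(d, "db-01", v * MIB) for d, v in enumerate(
    [210, 190, 205, 220, 198, 202, 215, 207, 9800, 201], start=1)]
SAMPLE += [(d, "web-01", v * MIB) for d, v in enumerate(
    [900, 1100, 950, 1300, 1000, 1200, 980, 1050, 1400, 1020], start=1)]
SAMPLE.sort()

if __name__ == "__main__":
    for day, host, sent, score in find_egress_spikes(SAMPLE):
        print(f"day {day}: {host} sent {sent / MIB:.0f} MiB (score {score})")
```

The noisy but normal web server stays below the threshold, while the database host's single large transfer is flagged and excluded from its own baseline so that a follow-up transfer would still stand out.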
When an organization is under attack with encrypted data, the attacker presents their demand, often a reasonable amount. While paying exorbitant sums is unlikely, organizations may consider the cost of recovery and bring in experts to negotiate.
Overall, ransomware attacks are a growing concern worldwide, and the use of AI-enhanced security products can help organizations effectively respond to and recover from such attacks.