Once again ransomware has found a way to shed its skin, bypassing vigilant malware solutions and administrators alike. In this case, CryptoMix (a combination of the ransomeware families CryptXXX and CryptoWall) was the culprit. The researchers at MalwareHunterTeam came across a new variant of CryptoMix, and while the changes to the application were mostly cosmetic, they were enough to camouflage the snake, allowing it to sneak past most AV software.
Like many other variants of ransomware, once the infected files are uploaded, there is no known way to decrypt these files without assistance from the blackmailers. As such, the cyber attackers can demand large sums of money or other collateral in exchange for returning the user’s files.
The protection against these threats is an AI-based endpoint protection solution. Unlike other antivirus programs, those enhanced with artificial intelligence provide predictive capabilities for malware, even if it has not been seen before. This predictive capability is what is setting next-generation antivirus products apart from the older behavioral, heuristic, and signature-based solutions.
Mutating or armoring malware has never been easier, a fact cybercriminals are taking advantage of. These crooks know they can make small, surface-level changes to their ransomware that consequently can bypass the signature capabilities of legacy endpoint protection. For instance, by simply altering one byte in this new version of CryptoMix, VirusTotal (a third-party website that compares antivirus software) found that the number of AV vendors that detected the changed version went down by 17%. Predictive capabilities are the only method available to stay ahead of ransomware.
However, these tricks have no effect on DeepArmor since it is powered by machine learning predictive analysis. With AI at its core, this endpoint protection can identify the features unique to malware and is never fooled by a change in skin.
The predictive capabilities of DeepArmor are based on mathematical models of what malware looks like, the actions it is programmed to take, and the capabilities built into it. Using the insight gained analyzing millions of samples of malware, DeepArmor can pick out the new variants and zero-day attacks hitting the web every day. Legacy vendors are always playing catch up, reacting to threats after they happen, and by the time a solution for the problem is presented, it is likely that threat has changed face.
Don’t be fooled by claims of AI and machine learning (ML) integration, only DeepArmor takes a 100% artificial intelligence and machine learning approach to malware detection.