March 26, 2024 | IBM i

Waiting for AI-Enhanced IBM i Anti-Ransomware Protection


Are There AI-Enhanced IBM i Ransomware Protection Strategies You Can Use?

  • AI is heightening the global ransomware threat
  • Universal AI-enhanced IBM i ransomware protection is not ready yet
  • Speed is the main advantage for AI-enhanced ransomware strategies
  • Don’t wait for AI: protect your IBM i from ransomware now

AI is heightening the global ransomware threat

Generative Artificial Intelligence (AI) tools are lowering the bar for launching attacks. Cybercriminals previously needed higher levels of expertise and effort to launch a ransomware attack. With new AI tools, novices and attackers at all experience levels can launch more accurate ransomware attacks, which dramatically increases the volume, velocity and impact of new attacks.  

 

The nature of ransomware attacks has evolved so that adversaries now attack systems (including IBM i servers) and extort ransom payments using three different strategies:

  1. Encrypting and renaming critical system files, then demanding a ransom for the decryption key needed for data restoration
  2. Data exfiltration: stealing sensitive information and threatening to publish or sell the data if ransom demands are not met
  3. Threatening to launch a Distributed Denial-of-Service (DDoS) attack if demands are not met

As organizations increasingly refuse to pay ransoms for encryption attacks (strategy 1), attackers are more often pairing encryption attacks with data exfiltration and DDoS threats (strategies 2 and 3) to create more ransom payment opportunities. All three attack strategies are easier and faster to implement now that cybercriminals can adapt and use AI-based tools to attack systems, creating a triple-extortion ransomware threat environment.

Universal AI-enhanced IBM i ransomware protection is not ready yet

There are several good IBM i-based ransomware solutions available, including iSecurity Anti-Ransomware offered from SEA. You can use these solutions in conjunction with native IBM i operating system capabilities for creating a defense in depth strategy that counters cyberattacks against IBM i Integrated File System (IFS) objects.  

 

Available IBM i ransomware protection solutions are very good. However, they currently cannot take much advantage of AI tools to fight AI-enhanced ransomware attacks. 

 

There is no universal IBM i ransomware protection solution available today that uses AI to battle AI-enhanced ransomware. We may reasonably expect AI ransomware detection capabilities to be added to these packages in the near future.

Hardware-based AI-enhanced ransomware detection

There are some AI-enhanced hardware features for IBM Power systems that may help in the battle against IBM i ransomware attacks.

 

IBM recently released new AI-enhanced versions of its FlashCore Module (FCM) technology used inside IBM Storage FlashSystem products. Labeled FCM4, IBM’s new Solid-State Drive (SSD) technology provides AI-enhanced protection against malware, including ransomware. FCM4 uses machine learning to continuously monitor I/O statistics for anomalies that can indicate ransomware activity.

 

IBM Power10 systems now include Matrix Math Accelerator (MMA) engines built into every core. MMAs can efficiently perform the matrix math operations used in AI, including machine learning, inferencing and deep learning. Power10 systems also support the Open Neural Network Exchange (ONNX) for machine learning interoperability, allowing AI developers to deploy modules developed elsewhere to the Power10 platform.

 

These features may lead to AI enhancements for existing IBM i ransomware protection solutions and for new ransomware defense alternatives. Any potential solutions will likely be dependent on available hardware enhancements, such as upgrading to a Power10 system or installing new FCM4 SSDs. There are few ransomware protection products that can utilize these capabilities today.

Speed: The main advantage for AI-enhanced ransomware strategies

Speed is the main advantage cybercriminals gain from using generative AI tools for ransomware attacks. Generative AI will allow them to develop and deploy new ransomware programs on the Internet more quickly. AI may also allow them to locate potential victims more quickly, decrease breakout times (the time it takes a compromised machine to compromise other hosts) and more easily create new ransomware threat strategies such as DDoS ransomware attacks.

 

For IBM i victims, new AI-enhanced ransomware protection solutions (when available) will also allow ransomware-targeted organizations to use speed as a defensive weapon. AI-enhanced solutions may allow organizations to locate ransomware activity more quickly as it happens, using hardware detection along with better algorithms employing machine learning, inferencing and deep learning. They may also allow administrators to reduce dwell times (the time ransomware is present in the system without being detected). Adding generative AI to ransomware protection tools should result in quicker detection, damage mitigation, and quarantining and neutralizing of ransomware software.

Don’t wait for AI: protect your IBM i from ransomware now

As mentioned above, there are few if any AI-enhanced IBM i ransomware protection solutions available today. Fortunately, there are several IBM i-specific anti-ransomware solutions that can be deployed right now while we are waiting for the benefits of AI applied against IBM i ransomware attacks.

 

Don’t hesitate to deploy existing IBM i solutions such as iSecurity Anti-Ransomware and then upgrade to AI-enhanced solutions, when they become available. You’ll receive the best available ransomware protection now and enjoy any promised AI enhancements later.

 

Organizations can benefit by installing third-party IBM i ransomware protection solutions that provide these features and benefits.

Identifying, delaying and stopping ransomware activity in real-time: Many solutions already perform continuous IFS monitoring for in-process ransomware attacks. They can automatically disconnect ransomware infected devices and alert security personnel when attacks are detected. Solutions like iSecurity Anti-Ransomware already mirror the scanning capabilities of IBM’s new FCM4 technology using software instead of hardware capabilities.

Using multiple ransomware behavioral characteristics to detect suspicious activity: Many solutions also scan for behavioral changes that may indicate ransomware activity. Ransomware markers include excessive IFS file activity, object name and extension changes, and changes to an object’s encryption status.

Real-time alerts and logging for enterprise forensics, reporting and analysis: Solutions alert security personnel when ransomware activity is detected. Some IBM i-based ransomware protection solutions can also send information to Security Information and Event Management (SIEM) systems to help enterprise security determine how far a ransomware infection has broken out and whether there are other devices where undetected ransomware may be dwelling.
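
The behavioral markers listed above (excessive file activity, extension changes, changes in encryption status) can be combined as in the following sketch, which is an added example and not code from iSecurity Anti-Ransomware, IBM or any product named here. The event record fields, the thresholds and the use of byte entropy as a stand-in for "encryption status" are assumptions, and the sample events are constructed.

```python
import math
from collections import Counter, defaultdict, deque
from pathlib import PurePosixPath

WINDOW_S = 10       # sliding window in seconds (assumed tuning value)
MAX_EVENTS = 5      # file changes tolerated per source inside the window
ENTROPY_BITS = 7.5  # bits/byte above which written data looks encrypted

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 8.0 means uniformly random."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def detect(events):
    """Return {source: markers} for sources showing at least two markers."""
    recent, markers = defaultdict(deque), defaultdict(set)
    for ev in sorted(events, key=lambda e: e["ts"]):
        src, q = ev["source"], recent[ev["source"]]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > WINDOW_S:   # drop events older than the window
            q.popleft()
        if len(q) > MAX_EVENTS:
            markers[src].add("excessive_activity")
        if ev["op"] == "rename":
            old, new = (PurePosixPath(ev[k]).suffix for k in ("path", "new_path"))
            if old != new:
                markers[src].add("extension_change")
        elif ev["op"] == "write" and entropy(ev["sample"]) > ENTROPY_BITS:
            markers[src].add("high_entropy_write")
    return {s: sorted(m) for s, m in markers.items() if len(m) >= 2}

def sample_events():
    """Constructed events: one normal client, one mass-encrypting client."""
    text = b"INVOICE 0001 TOTAL 100.00\n" * 40
    random_like = bytes(range(256)) * 4     # stand-in for ciphertext
    evs = [{"ts": 0, "source": "10.0.0.5", "op": "write",
            "path": "/home/app/report.txt", "sample": text},
           {"ts": 5, "source": "10.0.0.5", "op": "rename",
            "path": "/home/app/draft.tmp", "new_path": "/home/app/draft.docx"}]
    for i in range(6):
        p = f"/share/docs/file{i}.pdf"
        evs.append({"ts": 100 + i, "source": "10.0.0.9", "op": "write",
                    "path": p, "sample": random_like})
        evs.append({"ts": 100.5 + i, "source": "10.0.0.9", "op": "rename",
                    "path": p, "new_path": p + ".locked"})
    return evs
```

Requiring two markers keeps a single legitimate rename or a single compressed (naturally high-entropy) file from raising an alert; the returned dictionary is the kind of record that would be forwarded to a SIEM.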

 

There are other operating system and network configurations and strategies that can be set up to create a defense in depth strategy for protecting IBM i servers against cyberattacks. Check SEA’s blog post on 5 Ways to Protect the IFS from Cyberattacks for more information on securing the IFS against cyberthreats.