Ransomware groups seek AI expertise in cybersecurity

Hello and welcome to Protocol Enterprise! Today: why cash-rich ransomware groups might be hiring AI experts sooner than anyone wants, Microsoft’s channel chief leaves the company, and this week in enterprise technology startup investments.

Twirl up

A renewed interest in observability tools has yet to translate into faster responses to incidents when detected. According to a study by, 64% of respondents said it usually took them more than an hour to recover from an incident, up from 47% last year.

The real AI race

In the perpetual battle between cybercriminals and defenders, the latter have always had a largely undisputed advantage: the use of AI and machine learning allows them to automate much of what they do, particularly in detecting and responding to attacks. This head start hasn’t been enough to keep ransomware at bay, but it’s still far more than cybercriminals have ever been able to muster in terms of AI and automation.

Indeed, deploying AI-based ransomware would require AI expertise. And ransomware gangs don’t have it. At least not yet.

But given the wealth amassed by a number of ransomware gangs in recent years, it may not be long before attackers bring in their own AI experts, said prominent cybersecurity authority Mikko Hyppönen.

  • Some of these groups have so much money — or rather, bitcoin — that they could now potentially compete with legitimate security firms for AI and machine learning talent, according to Hyppönen, the research director at cybersecurity company WithSecure.
  • The Conti ransomware gang withdrew $182 million in ransom payments in 2021, according to blockchain data platform Chainalysis. Leaked Conti talks suggest the gang may have invested some of its share in costly “zero day” vulnerabilities and in hiring penetration testers.
  • “We have already seen [ransomware groups] hire pen testers to break into networks to figure out how to deploy ransomware. The next step will be that they start hiring ML and AI experts to automate their malware campaigns,” Hyppönen told Protocol.
  • If that happens, Hyppönen said, “it would be one of the biggest challenges we’re likely to face in the near future.”

While catastrophic cybersecurity predictions abound, Hyppönen, with two decades of cybercrime experience, is not just any tipster. He has been part of his current company, known until recently as F-Secure, since 1991 and has been researching and competing with cybercriminals since the concept’s early days.

  • When it comes to ransomware, for example, automating large parts of the process could mean an even greater acceleration of attacks, said Mark Driver, research vice president at Gartner.
  • Currently, ransomware attacks are often highly tailored to the individual target, making attacks harder to scale, Driver said.
  • Despite this, the number of ransomware attacks doubled year-over-year in 2021, SonicWall reported – and ransomware is also growing in popularity.
  • “It’s not worth their effort if it takes them hours and hours to do it manually. But if they can automate it, absolutely,” Driver said. In the end, “it’s terrifying”.

If cybercrime groups hire artificial intelligence talent with part of their windfall, Hyppönen believes the first thing they will do is automate the more manual parts of a ransomware campaign. Actual execution of a ransomware attack remains difficult, he said.

  • “How do you get it on 10,000 computers? How do I find a way to access corporate networks? How to bypass the different protections? How do you continue to change the operation, dynamically, to ensure that you are successful?” said Hyppönen. “It’s all manual.”
  • Monitoring systems, modifying malicious code, recompiling it, and registering new domain names to avoid defenses — things humans take a long time to do — would all be fairly simple to do with automation. “All of this is done in an instant by machines,” Hyppönen said.
  • That means it should be very obvious when AI-powered automation comes to ransomware, according to Hyppönen.
  • “It would be such a big change, such a big change,” he said. “We certainly wouldn’t miss it.”

While AI talent is extremely scarce right now, that will begin to change in the coming years as a wave of people graduate from universities and research programs in the field, noted Ed Bowen, managing director of Deloitte’s AI Center of Excellence.

  • “Today, all security companies rely heavily on machine learning – so we know exactly how difficult it is to hire experts in this area. Especially people who have expertise in both cybersecurity and machine learning, so they’re hard people to hire,” he told Protocol. “However, it becomes easier to become an expert, especially if you don’t need to be a world-class expert.”
  • This dynamic could increase the pool of candidates for cybercrime organizations that are both richer and “more powerful than ever before,” Hyppönen said.
  • If this future were to materialize, it would have massive implications for cyber defenders, should a greater volume of attacks – and attacks against a wider range of targets – result.
  • Between attackers and defenders, “you’re always going above and beyond” on technical ability, Driver said. “It’s a war trying to get ahead of the other side.”

—Kyle Alspach



Channel change at Microsoft

Microsoft channel chief Rodney Clark is leaving the tech giant to take a job at an outside company.

The 24-year Microsoft veteran’s departure comes just over a year after he was appointed to what he then described as a “destination role” and “dream job” at Microsoft. Last March, he replaced Gavriella Schuster, who had held the position of channel manager for five years.

As vice president of Channel Sales, Clark oversaw more than 400,000 Microsoft Partner Network companies that sell and support its enterprise products and services and build their own solutions and devices around them.

Clark joined Microsoft in 1998 and had been leading its IoT and Mixed Reality sales for more than 3.5 years when he landed the role of Channel Manager.

“For more than 24 years, I have been able to learn, grow and work for the best company in the world,” Clark said in a LinkedIn post on Monday. “My family was raised on Microsoft and my community was shaped by Microsoft.”

Clark has accepted a new position as general manager at a publicly traded company that is partnering with Microsoft, according to a blog post Monday by Nick Parker, Microsoft vice president for Global Partner Solutions.

Parker said Microsoft is actively discussing Clark’s replacement and expects to have a new leader in place by the start of its new fiscal year in July. The company plans to introduce its new lead at Microsoft Inspire, its annual partner conference which runs July 19-20.

— Donna Goodison

Coming to Protocol

Join Protocol Corporate Editor Tom Krazit on May 18 at 10:00 a.m. PT for a series of interviews with high-level executives filmed at SAP Sapphire 2022. Hear from CIOs at leading consumer packaged goods companies about the role of enterprise technology in transforming their business models and navigating a new era of digital transformation.




Thanks for reading – see you tomorrow!
