By Dr. Timothy Yap
The rise in mobile device usage has undeniably transformed modern communication, commerce, and entertainment. However, this rapid expansion has also heightened the risks posed by cybercriminals, with ransomware emerging as a particularly pressing threat.
Ransomware, a type of malicious software that locks users out of their data until a ransom is paid, presents severe challenges. Traditional security measures often struggle to keep pace with the evolving nature of these attacks. Yet, Artificial Intelligence (AI) and Machine Learning (ML) are proving to be game-changers in the fight against ransomware, offering renewed hope for more robust mobile security, especially in Malaysia.
The Ransomware Crisis in Malaysia
In Malaysia, ransomware incidents surged by 37% in 2023 compared to the previous year, with average ransom demands reaching a staggering $5.3 million. Although there was a 10.52% decline in reported ransomware incidents in the first quarter of 2024 compared to the last quarter of 2023—17 incidents were recorded—the overall threat remains significant.
According to the PIKOM Cybersecurity Report 2024, the primary causes of cybersecurity breaches in Malaysia are ransomware, malware, social engineering, and misconfigured systems. The report reveals that the manufacturing and government sectors accounted for 38.2% of organisational cyberattacks, with over 58% driven by ransom demands. Organised crime groups, ransomware gangs, and initial access brokers (IABs) are increasingly targeting Malaysia with sophisticated cyberattacks.
Key sectors such as manufacturing, education, logistics, and banking have frequently been targeted, with commercial businesses suffering the most. The substantial costs associated with data recovery and system repairs highlight ransomware’s status as one of the most financially devastating cyber threats.
AI and ML: A Paradigm Shift in Cybersecurity
AI and ML are set to revolutionise the approach to ransomware defence. Unlike traditional antivirus solutions that rely on known malware signatures, AI and ML can detect threats by analysing behavioural patterns and anomalies. This shift from reactive to proactive security measures is crucial for addressing the dynamic nature of ransomware threats.
AI and ML offer several key advantages for detecting ransomware. For example, anomaly detection allows AI systems to establish a baseline of normal device behaviour and flag deviations such as unauthorised file encryption, which might indicate a ransomware attack. This early detection capability enables swift intervention before the ransomware can fully execute. Behavioural analysis further enhances detection by observing user actions and application interactions to identify unusual behaviour that could signal malicious intent.
Moreover, AI-driven systems provide real-time alerts and responses to emerging threats, significantly reducing the window of vulnerability and minimising potential damage. The role of AI and ML extends beyond detection to include improved response mechanisms. For instance, automated isolation enables AI systems to automatically contain the threat by disconnecting infected devices from the network, preventing further spread. This containment helps mitigate the impact on other systems. Additionally, AI can streamline data recovery by managing backups and restoring systems from secure copies, reducing downtime and financial losses.
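An added example (not from the article or from any vendor product) of the baseline-and-deviation approach described above: it learns normal file-write behaviour from sample windows and flags a window only when both the write rate and the entropy of the written data jump together. The two features, the 3.0 threshold and all sample data are assumptions constructed for illustration.

```python
import hashlib
import math
import statistics
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for encrypted data, roughly 4 for plain text."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def features(window):
    """One observation window (list of written buffers) -> (write count, mean entropy)."""
    ent = [shannon_entropy(b) for b in window]
    return (float(len(ent)), statistics.mean(ent) if ent else 0.0)

class Baseline:
    """Per-feature mean and std learned from windows of normal device activity."""
    def __init__(self, normal_windows):
        cols = zip(*(features(w) for w in normal_windows))
        # Floor the std at 10% of the mean so a very uniform baseline cannot
        # turn tiny fluctuations into huge z-scores.
        self.stats = [(statistics.mean(c), max(statistics.pstdev(c), 0.1 * statistics.mean(c)) or 1.0)
                      for c in cols]

    def z_scores(self, window):
        return [(x - mu) / sd for x, (mu, sd) in zip(features(window), self.stats)]

    def is_suspicious(self, window, threshold=3.0):
        # Require BOTH a write burst and a jump in entropy: a bulk copy of
        # documents or a single compressed save should not raise an alert.
        return all(z > threshold for z in self.z_scores(window))

def pseudo_ciphertext(seed: bytes, size=4096) -> bytes:
    """Constructed stand-in for encrypted output (deterministic, high entropy)."""
    blocks = (hashlib.sha256(seed + i.to_bytes(4, "big")).digest() for i in range(size // 32))
    return b"".join(blocks)

# Constructed sample data: six windows of ordinary text writes.
TEXTS = [b"meeting notes for the quarterly budget review",
         b"shopping list: rice, eggs, coffee, detergent",
         b"draft reply to the supplier about late delivery"]
NORMAL = [TEXTS[:2], TEXTS, TEXTS + TEXTS[:1], TEXTS[1:] + TEXTS[:1], TEXTS[:2], TEXTS]
baseline = Baseline(NORMAL)
BULK_COPY = NORMAL[0] * 20                                          # many writes, text-level entropy
ENCRYPT_BURST = [pseudo_ciphertext(bytes([i])) for i in range(40)]  # many writes, ~8 bits/byte

if __name__ == "__main__":
    for name, w in [("bulk copy", BULK_COPY), ("encryption burst", ENCRYPT_BURST)]:
        print(name, baseline.is_suspicious(w), [round(z, 1) for z in baseline.z_scores(w)])
```

Requiring both signals is what keeps the false-positive rate down: a write burst alone (backup, sync) or high entropy alone (saving a compressed file) stays below the alert condition.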
Real-World Applications
Several cybersecurity companies are leading the way in using AI and ML to combat ransomware on mobile platforms. Zimperium’s z9 engine employs ML to detect threats directly on mobile devices, even when offline. BlackBerry’s AI-powered solutions have demonstrated a remarkable 99% success rate in preventing ransomware attacks before they can cause harm, showcasing the effectiveness of these technologies in practical scenarios.
Despite their potential, AI and ML face several challenges. Effective models require extensive, high-quality data for training, and without a robust dataset, these systems may struggle to accurately identify new and evolving threats. As cybercriminals increasingly adopt AI to develop sophisticated malware, the cybersecurity community must continuously adapt and innovate. Additionally, AI systems often require access to sensitive user data, raising concerns about data protection and regulatory compliance. Balancing effective security measures with user privacy is essential to maintaining trust and compliance.
Developing Talent in Cybersecurity
Addressing these challenges also necessitates developing talent in cybersecurity. Building a skilled workforce is crucial for harnessing the full potential of AI and ML technologies. Investing in training and education to develop experts who can manage and advance these technologies will be vital for staying ahead of cyber threats. Nurturing talent not only supports the implementation of cutting-edge solutions but also ensures the continued evolution and resilience of cybersecurity strategies.
The future of AI and ML in mobile ransomware detection is bright, with promising advancements such as integrating blockchain technology for enhanced security and using federated learning to protect user privacy. These technologies are crucial for improving detection and response to ransomware threats, representing a significant shift in the fight against cybercrime. To fully leverage AI and ML, it is essential to address challenges, balance privacy concerns, and invest in continuous innovation and talent development.
The author is an Assistant Professor in the School of Mathematical & Computer Sciences at Heriot-Watt University Malaysia.