Role of Artificial Intelligence and Machine Learning in Ransomware Detection and Mitigation on Mobile
Dr. Radu-Casian Mihailescu, Associate Professor at the School of Mathematical and Computer Sciences, Heriot-Watt University Dubai
The rapid proliferation of mobile devices has transformed our communication, commerce, and entertainment, while creating a fertile ground for cybercriminals. Among the most insidious threats to mobile security nowadays is ransomware—malicious software that blocks access to information until a ransom is paid. The stakes can be very high, and conventional cybersecurity measures regularly fall short. However, Artificial Intelligence (AI) and Machine Learning (ML) technologies are poised to transform the landscape of ransomware detection and mitigation on mobile devices, presenting hope for a more secure digital future.
The Ransomware Menace on Mobile Devices
Ransomware attacks on mobile devices have escalated in recent years, painting a grim picture of our digital landscape. According to a report by Astra, 2023, ransomware attacks have surged by 13 per cent in the last five years, inflicting an average cost of $1.85 million per incident.
Due to their ubiquity and often inadequate protection, mobile devices have become top targets for cybercriminals. A study by Cyware Social in 2023 revealed an alarming trend: the emergence of nearly 200,000 new mobile banking trojans in 2022, a 100 per cent increase from the previous year.
According to the Statista 2023 report, RiskTool accounted for 24.05 per cent of mobile malware detected worldwide, and Trojan attacks constituted approximately 15.6 per cent of all new mobile malware detected online. This escalation underscores the need for strong detection and mitigation strategies on mobile, making the adoption of AI and ML technologies a necessity.
The Promise of AI and ML in Cybersecurity
AI and ML are not just buzzwords but actual technologies that have already begun to revolutionise diverse industries. In cybersecurity, they offer practical tools. For example, AI and ML can analyse large amounts of data in real-time more reliably than human experts. They can detect behaviours and anomalies that suggest malicious intent, enabling proactive attack detection and mitigation.
Enhancing Ransomware Detection
Traditional antivirus software relies on signature-based detection, which can be ineffective against new or evolving threats. AI and ML, by contrast, excel at identifying previously unknown malware by analysing behavioural trends.
ML algorithms can be trained on large datasets of known malware and benign software, learning to differentiate between the two with high accuracy. Techniques such as anomaly detection, which identifies deviations from an established baseline of normal behaviour, can detect ransomware before it executes on the device.
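As an added illustration of baseline-deviation anomaly detection (not code from the article or from any vendor it names), the sketch below learns a per-app baseline with median and MAD and flags a window only when several behavioural features deviate together. The feature names, the sample windows and the thresholds are assumptions constructed for the example.

```python
import math
from statistics import median

# Hypothetical per-minute behaviour features for one app (names are assumptions).
FEATURES = ("files_written", "files_renamed", "mean_write_entropy")
# Floor on each feature's spread so a near-constant baseline cannot inflate scores.
MIN_SCALE = {"files_written": 1.0, "files_renamed": 1.0, "mean_write_entropy": 0.1}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte of a written buffer; encrypted output approaches 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def fit_baseline(windows):
    """Learn (median, MAD) per feature from windows of normal behaviour."""
    baseline = {}
    for f in FEATURES:
        values = [w[f] for w in windows]
        med = median(values)
        mad = median(abs(v - med) for v in values)
        baseline[f] = (med, max(mad, MIN_SCALE[f]))
    return baseline

def scores(baseline, window):
    """Modified z-score per feature: 0.6745 * (x - median) / MAD."""
    return {f: 0.6745 * (window[f] - baseline[f][0]) / baseline[f][1] for f in FEATURES}

def is_anomalous(baseline, window, threshold=3.5, min_features=2):
    """Flag only when several features rise together, not on one noisy feature."""
    s = scores(baseline, window)
    return sum(1 for v in s.values() if v > threshold) >= min_features

# Constructed sample telemetry (not real measurements).
NORMAL = [
    {"files_written": 3, "files_renamed": 0, "mean_write_entropy": 4.1},
    {"files_written": 5, "files_renamed": 1, "mean_write_entropy": 4.6},
    {"files_written": 2, "files_renamed": 0, "mean_write_entropy": 3.9},
    {"files_written": 4, "files_renamed": 0, "mean_write_entropy": 5.0},
    {"files_written": 6, "files_renamed": 1, "mean_write_entropy": 4.4},
]
BURST = {"files_written": 120, "files_renamed": 118, "mean_write_entropy": 7.9}  # mass rewrite
UPDATE = {"files_written": 30, "files_renamed": 0, "mean_write_entropy": 4.5}    # benign update
BASELINE = fit_baseline(NORMAL)
```

Requiring agreement across features matters because compressed media and app updates also produce high-entropy or high-volume writes, so any single feature on its own generates false positives.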
Improving Response Mechanisms
Detection is only the first step. Effective mitigation strategies are essential to reduce the impact of a ransomware attack, and AI and ML can play a pivotal role here as well. Once ransomware is detected, AI-based systems can automatically isolate the compromised device to prevent the spread of malware. They can also initiate data backups and restore systems from uncompromised backups.
Moreover, AI can help in the dynamic analysis of ransomware, helping cybersecurity experts understand its behaviour and develop specific countermeasures. This rapid response capability is critical in decreasing downtime and financial losses. IBM’s Cost of a Data Breach Report highlighted that it takes 277 days on average to identify and contain a breach: 207 days to identify and 70 days to contain. That is a 3.5% decrease from the previous year, which averaged 287 days. Meanwhile, cyberattacks are much faster. Ransomware had a 94% reduction in deployment time in just two years.
Case Studies and Real-world Applications
Several cybersecurity firms are already leveraging AI and ML to fight ransomware on mobile platforms. For instance, Zimperium’s z9 engine uses ML to detect mobile threats on-device, ensuring real-time protection even without an internet connection. Similarly, Lookout’s Mobile Endpoint Security utilises behavioural analysis powered by AI to detect and mitigate threats.
One notable success story involves BlackBerry’s AI-driven cybersecurity solutions. BlackBerry Protect, powered by Cylance AI, has been shown to prevent ransomware attacks with impressive efficiency. During a series of tests, BlackBerry Protect demonstrated a 99% effectiveness rate in stopping malware, including ransomware, before it could execute.
Challenges and Considerations
While AI and ML have tremendous potential to improve mobile ransomware defences, numerous challenges remain. One significant issue is the need for massive amounts of relevant data to train such ML models. Collecting and curating this data, specifically within the context of continuously evolving ransomware, is daunting. Additionally, adversaries also use AI to develop sophisticated malware, as part of the ongoing arms race between attackers and defenders.
Privacy is another critical issue: AI-driven cybersecurity solutions often require access to personal behaviour and device usage data, which raises privacy concerns.
Future Directions
The future of AI and ML in ransomware detection and mitigation on mobile devices appears promising. As these technologies evolve, they may become more adept at identifying and neutralising threats. One exciting development is the combination of AI with blockchain technology, which can enhance the security and transparency of record transactions, reducing the danger of ransomware attacks.