This article is part of a VB special issue. Read the full series here: AI and Security.

Imagine getting to a courthouse and seeing paper signs stuck to the doors with the message “Systems down.” What about police officers in the field unable to access information on laptops in their vehicles, or surgeries delayed in hospitals? That’s what can happen to a city, police department, or hospital in a ransomware attack.

Ransomware is malicious software that can encrypt or control computer systems. Criminals who launch these attacks can then refuse to return access until they get paid. Before 2019, ransomware was perhaps best known for targeting businesses and individuals. Attacks against Travelex, oil and gas companies like Maersk and industrial control systems led to hundreds of millions of dollars in losses in recent years.

But increasingly, cities, public utilities, and public-facing institutions are also being targeted. As attacks increase, a growing number of security experts are using AI to improve the effectiveness of their malware attack defenses. But there’s also concern that criminals will begin using AI to weaponize ransomware and plot more efficient attacks.

Vulnerable targets

Analysis by security firm Emsisoft found that in 2019 alone, roughly 85 schools or universities, about 100 local and state governments, and more than 700 health care providers suffered ransomware attacks. That doesn’t include the recent attacks on Texas school districts that lost $2.3 million, or an attack that led the city of New Orleans to declare a state of emergency. New Orleans mayor LaToya Cantrell said costs from the ransomware attack exceed the city’s $3 million cyber insurance policy.

Ransomware attacks on public-facing institutions are particularly concerning because unlike an individual or business, debilitated cities, schools, and hospitals threaten public safety and essential services. Emsisoft’s report said that in 2019, ransomware interrupted 911 services, delayed surgical procedures, and made it tough for emergency response officials to access medical files, scan employee badges, and view outstanding warrants.

Even without the benefit of AI-powered ransomware, cybercriminals are doing plenty of damage, and the cost and frequency of attacks is on the rise. Baltimore spent $18 million to address damages from a 2019 attack. Before that, an attack on the city of Atlanta reportedly cost about $17 million in recovery, damages, and other losses.

According to analysis by Barracuda Networks, small municipalities are particularly vulnerable, as nearly half of attacked cities in 2019 had a population of 50,000 people or less. The analysis also found that two-thirds of ransomware attacks in 2019 were aimed at government organizations.

Looking back, it can sometimes seem as if ransomware attacks on cities came out of nowhere, but Malwarebytes Labs director Adam Kujawa says the trend dates back to the end of 2017, when WannaCry, Petya, and NotPetya redefined what’s possible for malware. These attacks were able to encrypt data and spread to networks across the globe, something he said opened cybercriminals’ eyes to new possibilities. A worm meant for a Ukrainian utility company spread worldwide like a digital dirty bomb, causing up to $10 billion in damages.

Then in late 2018, Malwarebytes saw attacks involving EmoTet, which steals credentials to spread malware through a spam module and then uses malicious software like TrickBot to move laterally and infect a network.

“From there, we just started to see more and more and more of that particular attack method, and then modifications to that attack method, and evolutions of that attack method, and that’s basically been status quo ever since,” Kujawa said.

Barracuda Networks says email is the most common way attackers access city systems, followed by PDFs and Microsoft Office documents. Phishing emails and documents are sometimes designed to fit in among the kinds of emails and documents a city typically receives, like invoices or shipping notices.

“Vulnerability is a technical debt, and in many ways [it] cannot be closed and cannot be solved,” said Barracuda Networks CTO Fleming Shi. “So I think that’s a key reason why they’re being target[ed]. I think it’s also instrumental in test-driving potential attacks in an election year, because [attackers] don’t have to disrupt all the cities, they just have to disrupt some of the important cities to basically — in the election process — cause a major havoc for all of us.”

Kujawa said the evolution of these tools and higher returns on investment from other attacks have shifted more criminal activity toward governmental institutions. He noted that city services and hospitals are becoming bigger targets because they contain so much personally identifiable information (PII) and need to function in order to serve society.

Cities are known for their slower-than-average adoption of new technology, including the kinds of software updates meant to patch the latest vulnerabilities. They are also unlikely to have cybersecurity experts on staff and may have a culture that fails to take cybersecurity seriously.

Criminal tactics also appear to be escalating. Rather than just threatening to encrypt files and limit access, attackers are now threatening to post files online.

“It may very well become kind of standard operating procedure to start threatening the release of internal documents and customer information out into the open net, which would turn a ransomware attack into a full-blown data breach. And that would cause a lot more problems for the organization dealing with the infection,” Kujawa said.

Ransom payments — which are typically requested in Bitcoins — are also going up. Malwarebytes found that the typical ransoms attackers demanded from governments and schools in 2019 rocketed up from around $1,000 to over $40,000 by the end of the year. Security firm Coveware puts the average ransom over $80,000 in Q4 2019.

Another concern is that groups carrying out ransomware attacks are beginning to sell software that allows criminals with less technical knowledge to launch their own attacks — what Kujawa and Shi call ransomware-as-a-service.

“It’s almost an economy on its own,” Shi said.

A ransomed city’s missteps

Among the most high-profile, expensive, and enduring examples of how bad the situation can get are the two ransomware attacks Baltimore suffered within the span of a little over a year. The second occurred in May 2019, and by the time it was over the city had lost nearly $18 million.

There’s debate over whether cities should pay ransom demands. Kujawa said Baltimore made a mistake in not paying the ransom, but he stopped short of prescribing a general policy. “The day when we can say with 100% certainty, ‘Do not pay the ransom,’ that it’s a bad idea … I don’t say that anymore,” Kujawa said.

Events in the summer of 2019 reinforced the division over whether to pay ransoms. In June, the Florida cities of Lake City and Riviera Beach paid ransoms of about $500,000 and $600,000, respectively. By contrast, nearly two dozen cities in Texas were hit in a collective attack in August 2019, but none of them paid ransoms.

Some cities try to take proactive measures against potential ransomware losses by purchasing cyber insurance coverage. In the wake of attacks in New Orleans, Cantrell said the city plans to raise its cyber insurance coverage from $3 million to $10 million, while the Baltimore Board of Estimates approved a $20 million cybersecurity policy in October 2019.

Kujawa said cyber insurance takes the problem out of the hands of someone who’s never encountered ransomware and turns it over to people who deal with it all the time.

“That being said, there are plenty of scammers out there, and companies who claim they can do this. It’s obviously difficult to tell who’s above board and who isn’t, but I definitely think [cybersecurity insurance] serves a purpose in our society today and will be more valuable in the future, as long as it doesn’t exist just to inflate costs of remediation.”

Regardless, Shi noted that it’s unwise for cities to announce that they have cyber insurance — a mistake he said Baltimore made. “It just invites larger ransoms and kind of feeds the beast,” he said.

Ransomware trends could be exacerbated by the fact that few perpetrators of attacks against public-facing institutions have been brought to justice.

How AI protects against ransomware attacks

To protect against the spread of ransomware, security software uses AI to detect, isolate, and delete infected files. Security software can use unsupervised machine learning to create AI models that are trained by data sets to recognize the difference between clean and malicious files. Natural language processing (NLP) and computer vision aid in the detection of anomalous behavior in emails or documents.

Microsoft is using monotonic models that run on top of traditional classification models and catch 95% of malicious software. The technique was developed by UC Berkeley AI researchers and is used to look for malicious file attributes, rather than a combination of good and bad files for training.

A report by cybersecurity firm Capgemini found that artificial intelligence is helping the industry move faster and focus on its biggest problems. Three out of four security professionals surveyed say AI reduces time to detect malware and two out of three say it lowers the cost of responding to a breach.

And antivirus and security firms are increasingly adopting AI. About one in five security organizations used AI before 2019, but two out of three plan to incorporate the technology in 2020. 

How AI may fuel ransomware attacks

The fact that spear phishing is still a primary method of delivering malware, Kujawa said, shows how susceptible people still are to the kind of trickery that sometimes lands in their email inbox.

It’s also a reflection of the fact that today’s ransomware campaigns do not appear to need help from AI. Malwarebytes and Barracuda Networks have yet to witness AI in ransomware in the wild. Analysis by Malwarebytes that examines the potential weaponization of malware predicts ransomware with AI won’t be seen in the wild for another one to three years.

At present, Kujawa said he’s mostly concerned with the idea of AI that can profile the best people to target in an organization. 

AI could also discover paths for spreading malware to a great number of machines around the world and become ammunition in an AI arms race.

Such methods could utilize the kind of vulnerabilities specific security vendors detect or train models to detect soft areas for attack.

“Some researchers have done lab tests and created in-house AI malware. It’s certainly a possible thing, but how we’re going to actually see it, how often we see it, is really what concerns me the most,” Kujawa said. “I really do see AI and machine learning being used for grabbing data from leaks, or from social media or from anywhere else to create profiles of particular users or your ideal victim profile. You can use all that information to create far more efficient spear phishing against businesses or anybody else you want.”

Where things could be headed

“Hopefully, lessons learned in 2018 and 2019 will manifest into actual greater security in 2020 for these organizations, but we know that’s probably not the case across the board. [The attacks] are going to get worse,” Shi said.

He predicts that in 2020, small towns in swing states may see more attacks by nation-state actors as a way to discover vulnerabilities ahead of the U.S. presidential election in November.

“The ones that matter in an [electoral] decision sometimes will become the target,” Shi said. “My point there is I don’t feel like we are ready for the election year with the proper defense.”

Kujawa thinks we’re unlikely to see these kinds of attacks on small cities in swing states because there are subtler ways to test systems. However, he shares Shi’s concern that cities and public-facing institutions could see a rise in ransomware attacks carried out by nation-states in the future because their motivations extend beyond financial extortion.

“We’ve seen a lot more activity by nation-state actors over the last few years, and a lot of them, especially, from certain Eastern European countries, where it’s not obvious that it’s a nation-state or state-sponsored attackers behind these things,” he said. “We’re seeing more attacks that could be disguised, or a red herring that indicates this is being done by a cybercrime group or some kid in a basement or something like that, when in reality, it’s Russia, it’s China, it’s North Korea who are doing things to harass or send messages or just poke around and see what’s possible.”

Indeed, a number of nation-states have already contributed to the growth of ransomware in the world today, forming the foundation of events Kujawa calls instrumental to the ransomware status quo.

WannaCry, which caused an estimated $4 billion to $8 billion in damages worldwide, was spread by the Shadow Brokers, actors thought to be associated with the Russian government. EternalBlue, an exploit stolen from the NSA’s hacking group, exposed a vulnerability in the Windows operating systems that hackers used in WannaCry, Petya, and NotPetya attacks.

The Trump administration called NotPetya “the most destructive and costly cyberattack in history,” and it resulted in U.S. Treasury Department sanctions on the Russian government in 2018. The U.S. Treasury Department unveiled sanctions for NotPetya together with sanctions for interference in the 2016 presidential election.

Kujawa is encouraged to see that security experts are now more aware of the capabilities of criminal syndicates and the prevalence of ransomware software. More cities are beginning to implement best practices to put PII behind another layer of technology and establish protocol for IT first steps when an attack happens.

He added that security firms like Barracuda Networks and Malwarebytes are using AI to better detect ransomware like SamSam, Ryuk, RobbinHood, and LockerGoga.

“We’re moving in that direction, and a lot of the industries in security are moving in that direction as well. It really is going to have to be an AI versus AI thing,” he said. “If the cybercriminals actually start utilizing this stuff, we need to be able to stop threats before they hit, and we have to be able to stop threats without even knowing they exist yet.”

Read More: VentureBeat's Special Issue on AI and Security