Ransomware attacks, like the recent one on Mayanei Hayeshua hospital, are becoming increasingly common not only in Israel but globally. Bobi Gilburd, Chief Innovation Officer at the Team8 venture capital fund, emphasizes that the key lies in an organization’s response and recovery. While some businesses are severely impacted and even forced to close down, others are able to recover swiftly.

Gilburd points out that ransomware attacks are on the rise, in part due to the introduction of generative artificial intelligence (AI). However, he argues that AI itself can be the answer to AI-driven attacks. Gilburd encourages the use of AI-enhanced security products to counter evolving threats.

Ransomware attacks typically start with phishing, where malicious emails are sent to employees who may unknowingly execute a malicious file or visit a malicious website. Education plays a vital role in preventing such attacks by teaching individuals how to identify unusual elements in emails. Automatic protection tools can also block malicious emails at the corporate level.

If an employee falls victim to a phishing attack, automatic protection products come into play to detect and halt the attack. However, in some cases, these defense mechanisms may fail. Attackers constantly evolve their methods, and there is also the possibility of exploiting unknown security vulnerabilities known as zero-day vulnerabilities. Advanced security products that utilize cloud-based AI systems can effectively identify even zero-day attacks by recognizing patterns associated with such vulnerabilities.

In the event that these defense mechanisms fail, the attack can spread within the network. Protection products within the network can prevent the movement of malware between computers and detect abnormal behavior. However, if the attack spreads widely, it eventually becomes noticeable when affected computers become unresponsive. At this point, it becomes a race against time to shut down the server, disconnect it, and halt the encryption process.

Ransom attacks that threaten to disclose data, like the one on the Shirbit insurance company in 2020, can also be identified by protection products. AI systems excel at identifying anomalies, such as the sudden increase in the volume of data being leaked.

Ultimately, organizations under attack must weigh the cost of recovery against the attacker’s demand. While paying large sums of money is unlikely, smaller amounts may prompt organizations to consider negotiation or bringing in experts to assist in the recovery process.