Jul 9, 2017 - Politics & Policy

Quarantine may be the answer to ransomware


DLA Piper's 3,600 attorneys work in 40 countries, making it one of the world's largest law firms. One of those countries is Ukraine, which on June 27 placed the firm on the front lines of one of the most penetrating commercial cyberattacks ever: Petya. When it hit, it took down DLA Piper's global computer systems, which appear still not to be fully back up. But DLA Piper was only one of hundreds of thousands of victims of the malware in more than 60 countries.

Can't artificial intelligence protect us? AI and machine learning are now crucial to protection (see below). But when it comes to malware like Petya, that will be too late — your data and your entire hard drive will already be encrypted. Petya victims lost much of their stuff to eternity.

But there is other protection: On the day of the attack, Microsoft published a blog post and a video describing new protective software, buttressed by machine learning capability. Called Windows Defender Application Guard, it should prevent Internet terrorists, at least for now, from taking down the world's infrastructure and economy, according to Simon Crosby, CTO of Bromium, an Internet security firm, who worked with Microsoft on the technology.

Who dunnit? A lot of security analysts see the fingerprints of a state actor in Petya, specifically Russia, although we still don't know with certainty.

If it is Russia, will it stop? Despite President Donald Trump's planned creation of a new "cyber security unit" with Russian President Vladimir Putin, probably not any time soon. Russia continues to intrude in critical U.S. systems.

How the protection works: The Windows program, and similar software from Bromium that Crosby claims is even more robust, quarantines users in a sort of protective bubble — an "isolation chamber," as he calls it — within their computing system. If there is a malware attack, the software safely wipes it away after the browser is closed.

But why isn't Microsoft distributing it now? I asked a Microsoft spokeswoman why the system will be released only later this year. She responded by saying WDAG is currently being tested with Microsoft clients.

A "wake-up call": Security firms are painting a stark picture in which Petya is only the beginning of a dark future of worsening cyber attacks on commercial and government actors. Whoever you are, it's essential that you keep your devices updated with the latest patches because if you're attacked now, there is a good chance you'll never recover your stuff and may lose your hardware, too.

Bottom line: "There's no time anymore for humans to respond with an alert. We have to respond at machine time scale," Crosby tells Axios.
