Ransomware and Deepfake Technology: The Convergence of Cyber Threats

What Is Deepfake Technology?

Deepfake is a technology that enables the manipulation of media, such as photos and videos, to create false or misleading content. Using machine learning and artificial intelligence algorithms, deepfake technology can be used to superimpose individual faces onto different bodies in videos, generate entirely new video and audio content, and manipulate existing footage to create convincing simulations of events that never occurred. The potential misuse of deepfake technology poses significant ethical and security challenges, including the creation of fake news and disinformation campaigns, online harassment and abuse, and the undermining of public trust in media and democratic institutions.

How Are Cyber-crimminals Using Deepfake Technology?

Cybercriminals are investing in AI to create synthetic or manipulated digital content for use in cyberattacks and fraud. Deepfakes allow cybercriminals to engage in identity theft, run social engineering scams, and execute ransomware attacks. This technology could also improve the effectiveness of business email compromise (BEC) attacks. Deepfakes are convincing and realistic, making these attacks harder for individuals and businesses to detect.

In March 2019, the CEO of a UK energy company was tricked into transferring $243,000 to a “Hungarian supplier” after receiving a convincing phone call from someone who sounded like his boss, according to article published by The Wall Street Journal. There is uncertainty about whether this was the first instance of AI being utilized for such attacks or if there have been unreported incidents where authorities were unable to detect the technology being used.

It seems inevitable that AI will lead to more frequent cyberattacks. At the end of the day, if the technology proves to be useful in making attacks more successful or profitable, it is likely that hackers will continue to employ it.

How Deepfake Will Be Used to Launch Ransomware Campaigns

A student at the University of Groningen, specializing in AI, defined deepfake ransomware (or ‘RansomFake’) as “a type of malicious software that automatically generates fake video, which shows the victim performing an incriminatory or intimate action and threatens to distribute it unless a ransom is paid.”

It’s highly likely that deepfake technology will become more widely used in ransomware campaigns as attackers create convincing fake videos or audio recordings to extort money from businesses or individuals. For instance, a cybercriminal could create a deepfake video showing a company’s CEO revealing confidential information or engaging in inappropriate conduct. The hacker would then threaten to release the video publicly unless the company paid a ransom. Similarly, hackers could use deepfake audio recordings to impersonate an executive or employee and trick someone into transferring money or sensitive information. The use of deepfake technology in ransomware campaigns could increase the level of sophistication and effectiveness of these attacks, making it more challenging for victims to detect and prevent them.

How Can Firms Protect Themselves Against Deepfake Ransomware Attacks?

The methods used to prevent deepfake attacks are similar to those used to prevent social engineering attacks. Both types of attacks rely on manipulating individuals or groups through deception, and so awareness is critical in both cases. Educating employees about deepfake technologies, how they work, and the risks they pose, is probably the first line of defense. However, companies should also consider the following to protect themselves against deepfake technologies:

Use the latest ransomware detection tools

While many deepfake ransomware campaigns may not actually use malware to infect your system and encrypt your files, it is still crucially important that you leverage the latest and greatest ransomware detection tools that use a combination of heuristic analysis, machine learning, and behavioral analysis to identify and block ransomware threats in real-time. Some solutions use signature-based detection, whereas others will monitor network traffic and data/user behavior. Some tools can also roll back changes made by ransomware to restore data to its previous state before the attack occurred.

Detox your data

If you want to make it difficult for cybercriminals to generate harmful material about you or your organization, you will need to be mindful of what you share on social media. Conduct an audit of your current photos and videos, and evaluate who can view them. Limit exposure to public-facing photos or share them exclusively with a select group of contacts. If you come across photos that you did not post, remove yourself from them or request that your contact takes them down.

Use secure communication channels

If you have alternative ways to contact individuals in your network, whether you have a personal relationship with them or not, it is advisable to utilize those methods to confirm two things: first, their true identity; and second, whether they truly sent the private messages regarding a supposed video of you that they claim to have discovered online.

Use authenticity verification tools

There are various authenticity verification tools available that can help companies to determine whether a piece of content is genuine or a deepfake. These tools use sophisticated algorithms and machine learning techniques to detect anomalies in digital content.

How Lepide Helps Protect Against Ransomware

The Lepide Data Security Platform uses machine learning models to identify anomalous user activity by analyzing large amounts of data and identifying patterns that deviate from normal behavior. Our Ransomware protection solution can help to protect you from ransomware attacks by detecting and responding to events that match a pre-defined threshold condition. For example, if X number of files are encrypted or renamed within a given time-frame, a custom script can be automatically executed that can disable an account or process, change the firewall settings, shut down the affected server, or anything else that will prevent the attack from spreading.

If you’d like to see how the Lepide Data Security Platform can help you defend against ransomware attacks, schedule a demo with one of our engineers or start your free trial today.