Microsoft details AI use in combating ransomware attacks

Microsoft has sought to bolster the ransomware combating capabilities of Microsoft Defender for Endpoint by integrating artificial intelligence improvements, reports ZDNet. Machine learning algorithms enabling the identification of malicious files, user accounts, processes, and devices have been added to Defender for Endpoint to enable an improved analysis of attacker patterns and behaviors. Microsoft has also included AI-generated time-based and statistical security alert analysis, graph-based suspicious event aggregation, and device-based event monitoring. Such features have allowed better pattern and connection identification, with ransomware-associated files and entities blocked automatically in the event of an adequate confidence level, according to Microsoft. "With its enhanced AI-driven detection capabilities, Defender for Endpoint managed to detect and incriminate a ransomware attack early in its encryption stage, when the attackers had encrypted files on fewer than four percent (4%) of the organization's devices, demonstrating improved ability to disrupt an attack and protect the remaining devices in the organization," said Microsoft.