A global pioneer in cyber security AI, Darktrace, revealed that its Autonomous Response solution, Antigena, effectively stopped an ongoing ransomware attack that recently struck a South African financial services organization.

When it was targeted by the ransomware attack, the company, a growing enterprise providing a range of financial services to consumers across South Africa, was trialling Darktrace AI. The AI had built up a bespoke understanding of ‘normal’ behavior across the company’s digital estate, allowing it to detect subtle signals of a threat and respond quickly.

Once the attack was contained, Darktrace’s security staff and dedicated professionals were able to carry out a comprehensive investigation, ensuring that the incident was fully handled. The company’s Autonomous Response technology subsequently acted to block further contact with the malicious server on the internet across the enterprise, while allowing machines to continue the behavior it had previously learned as normal. The response was targeted and proportionate, ensuring that normal business activity was not disrupted.

Max Heinemeyer, VP of Cyber Innovation at Darktrace, said: “The speed and scale of ransomware attacks today make it critical that organizations are armed with technology capable of interrupting in-progress, sophisticated attacks without relying on humans to take the sledgehammer out and interrupt wider business operations in the incident response process. It is inevitable that attackers will strike, often out-of-hours, and stories like these elucidate the power of handing over the keys to AI as the first responder to maintain business as usual while freeing up human teams to focus on high-level work like strategy and cyber hygiene.”

Darktrace AI identified that a mail server within the organization was making unusual HTTP connections to an external destination in the early morning hours of March 2022, indicating communication with a hostile server on the internet. With a thorough understanding of the organization’s ‘regular’ activity, the AI immediately recognized this behavior as out of the ordinary and potentially dangerous. The infected mail server then attempted reconnaissance and lateral movement. During the incident, the attackers used the credentials of 11 employees, including those of C-level executives. As a result, additional machines in the company began communicating with the malicious external server.
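A simplified illustration of the baseline-versus-anomaly check described above, added here as an example and not Darktrace’s code or the page’s own: it learns each host’s usual destinations from constructed historical records, then flags never-before-seen destinations (noting off-hours timing) and hosts from which an unusual number of accounts authenticate. The records, host names, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed outbound-connection records: (timestamp, source host, destination, account).
# Illustrative only; not log data from the incident described above.
HISTORY = [
    ("2022-03-01 09:14", "mail01", "mx.partner.example", "svc_mail"),
    ("2022-03-01 10:02", "mail01", "updates.vendor.example", "svc_mail"),
    ("2022-03-02 11:30", "ws-07", "intranet.corp.example", "alice"),
    ("2022-03-02 14:45", "ws-07", "docs.corp.example", "alice"),
]
RECENT = [
    ("2022-03-08 02:17", "mail01", "203.0.113.42", "svc_mail"),   # never-seen destination, 02:17
    ("2022-03-08 02:19", "mail01", "ws-07", "alice"),             # mail server reaching workstations
    ("2022-03-08 02:20", "mail01", "ws-07", "bob"),               # with several different accounts
    ("2022-03-08 02:21", "mail01", "ws-07", "carol"),
    ("2022-03-08 02:25", "ws-07", "203.0.113.42", "alice"),       # second host contacts same server
    ("2022-03-08 10:05", "ws-07", "docs.corp.example", "alice"),  # normal daytime traffic
]

def build_baseline(records):
    """Per-host set of destinations observed during the learning period."""
    seen = defaultdict(set)
    for _, src, dst, _ in records:
        seen[src].add(dst)
    return seen

def off_hours(when, start=7, end=19):
    """True outside the assumed 07:00-19:00 working day."""
    return not (start <= when.hour < end)

def detect(baseline, records, account_limit=2):
    """Flag destinations a host has never used (tagging off-hours timing) and
    hosts from which more than account_limit distinct accounts authenticate,
    a lateral-movement signal. Each (host, destination) pair is reported once."""
    alerts, flagged, accounts = [], set(), defaultdict(set)
    for ts, src, dst, user in records:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M")
        if dst not in baseline[src] and (src, dst) not in flagged:
            flagged.add((src, dst))
            tag = "new-destination" + (",off-hours" if off_hours(when) else "")
            alerts.append((src, dst, tag))
        accounts[src].add(user)
    for host, users in accounts.items():
        if len(users) > account_limit:
            alerts.append((host, None, "multi-account:%d" % len(users)))
    return alerts

def run_example():
    return detect(build_baseline(HISTORY), RECENT)
```

On the constructed data the mail server is flagged for a new off-hours destination, for reaching a workstation, and for four distinct accounts, and the workstation is flagged once it contacts the same external address.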