Darktrace AI Stops Sophisticated Ransomware Attack At South African Financial Services Provider

Rhea-AI Summary

On April 5, 2022, Darktrace announced its Autonomous Response technology, Antigena, successfully thwarted a ransomware attack targeting a South African financial services company. During a trial of Darktrace AI, the technology identified unusual behavior within the company’s systems, revealing an ongoing attack using stolen credentials of 11 employees, including C-level executives. Darktrace's AI acted quickly, halting communications with the malicious server while maintaining regular operations. This incident highlights the importance of AI in cyber security to counteract sophisticated threats.

Positive

• Successfully stopped a ransomware attack targeting a financial services provider in South Africa.
• AI technology autonomously identified and responded to the threat without disrupting normal business operations.
• Demonstrated the effectiveness of Darktrace's self-learning AI in real-time threat detection.

Negative

• None.

CAMBRIDGE, England, April 5, 2022 /PRNewswire/ -- Darktrace, a global leader in cyber security AI, today announced that its Autonomous Response technology, Antigena, successfully stopped an in-progress ransomware attack that recently targeted a financial services company in South Africa. 

The company, a growing firm providing various financial services to customers across South Africa, was trialing Darktrace AI when it was targeted by a ransomware attack. The AI technology had formed a unique understanding of the company's 'normal' behavior across its digital estate so it could spot the subtle signs of a threat and fight back at machine speed.

In the early morning hours in mid-March 2022, Darktrace AI detected that a mail server within the company was making unusual HTTP connections to an external endpoint, indicating communication with a malicious server on the internet. Equipped with an understanding of the organization's 'normal' operations, the AI instantly identified that this behavior was abnormal and potentially threatening.

The compromised mail server subsequently attempted to perform reconnaissance and lateral movement. Attackers were using 11 employees' credentials during the incident, including those belonging to C-level executives. Following this, additional machines in the organization began communicating with the malicious external server.

Darktrace's Autonomous Response technology then took action to interrupt further communication with the malicious server on the internet across the organization, while allowing the previously learned, regular behavior of machines to continue. The response was targeted and proportionate, avoiding disruption to normal business operations. After the attack was contained, the company's security team and dedicated Darktrace experts were able to conduct a full investigation to ensure that the attack was fully contained.

"The speed and scale of ransomware attacks today makes it absolutely critical that organizations are armed with technology capable of interrupting in-progress, sophisticated attacks without relying on humans to take the sledgehammer out and interrupt wider business operations in the incident response process," commented Max Heinemeyer, VP of Cyber Innovation, Darktrace. "It is inevitable that attackers will strike, often out-of-hours, and stories like these elucidate the power of handing over the keys to AI as the first responder to maintain business as usual while freeing up human teams to focus on high-level work like strategy and cyber hygiene."

About Darktrace

Darktrace (DARK:L), a global leader in cyber security AI, delivers world-class technology that protects over 6,500 customers worldwide from advanced threats, including ransomware and cloud and SaaS attacks. Darktrace's fundamentally different approach applies Self-Learning AI to enable machines to understand the business in order to autonomously defend it. Headquartered in Cambridge, UK, the company has more than 1,700 employees and over 30 offices worldwide. Darktrace was named one of TIME magazine's 'Most Influential Companies' for 2021.

Media Contacts

Tom Bermingham Brands2Life (UK) +44 (0) 7983 857 952 darktrace@brands2life.com

Jessica Cheney CommStrat (US)  +1 419 350 4614 darktrace@commstrat.com

 

View original content:https://www.prnewswire.com/news-releases/darktrace-ai-stops-sophisticated-ransomware-attack-at-south-african-financial-services-provider-301517557.html

SOURCE Darktrace

FAQ

What was the ransomware attack incident involving Darktrace on April 5, 2022?

Darktrace announced that its AI technology, Antigena, successfully prevented a ransomware attack targeting a financial services firm in South Africa.

How did Darktrace's AI respond to the South African ransomware attack?

The AI detected unusual behavior indicating the attack and interrupted communication with the malicious server while preserving normal operations.

What are the implications of Darktrace's actions during the ransomware attack?

The incident showcases the crucial role of AI in cybersecurity, allowing organizations to react quickly to threats without disrupting business.

What technology did Darktrace use to stop the ransomware attack?

Darktrace utilized its Autonomous Response technology, called Antigena, to detect and respond to the threat in real-time.

What are the credentials involved in the ransomware attack on the South African firm?

The attackers used the credentials of 11 employees, which included those of C-level executives.