Infinidat Blog

Reduce Downtime Risk with Infinidat’s Next-Gen Data Protection; Adopt Ransomware Detection to Make You Recovery-Ready! - Part 1

According to a February 2025 article in SiliconANGLE, a recent report from S.C. Bitdefender SRL identified that February 2025 was the worst month on record for ransomware attacks. This last February “set a record for the highest number of ransomware attacks ever reported.”

Check Point Research reported the highest increase in global cyberattacks seen in two years: a 30% rise in Q2 2024 over Q2 2023, to 1,636 cyberattacks per week.

Comparitech reported in their “Ransomware Roundup” for Q1 2025 that they recorded 2,190 ransomware attacks globally – an increase of 184% from ransomware attacks recorded for Q1 2024.

The cost of cybercrime is immense, with estimates that it will cost enterprises $10.5 trillion in 2025, according to Cybersecurity Ventures. Cybersecurity has become a top concern of CEOs worldwide. Comparitech reported that “the average ransom demanded, across all of the confirmed attacks, was $2.14 million, with government organizations seeing the highest average across each sector ($6.7 million).”

As the crisis of ransomware and cyberattacks continues to grow, it is not a matter of if but when any organization will suffer a cyberattack/ransomware attack.

The risk increases every day because cybercriminals are not standing still – they continue to evolve and shift their tactics to find and exploit new software vulnerabilities and are doing so at an increasing rate, now using AI tools to accelerate their attack vectors.

How they attack is not a big secret. First, they find a vulnerability to gain access to internal networks. Then, they move to a phase of manual intrusion and deploy their ransomware code. During that time, they analyze compromised networks and escalate their access rights and privileges while they surreptitiously plant malicious code across an organization’s data infrastructure.

While attackers may remain undetected until they launch a full-scale attack, organizations are frequently already compromised before any sign of a cyberattack. This phase used to take place over weeks or months. Now, the trajectory of a cyberattack can run its course in just days or hours, from manual intrusion to ransomware code deployment and, finally, the launch of the attack on the data.

These are some of the methods that cybercriminals use to hide ransomware before an attack:

  • Timebomb Ransomware – Remains dormant for a period before activating, ensuring the potential to infect backups and making them useless when needed.
  • Slow and Intermittent Encryption – Encrypting only portions of files, over time. Slow and subtle corruption is designed to stay below the radar of threshold-based monitoring tools.
  • Maintaining Original Metadata – Some ransomware maintains the original metadata of the files after encryption to make it difficult for basic inspections to identify the corruption based on detection of changes in file name, size, or extensions.
  • Database Corruption – Sophisticated attacks corrupt database pages without immediate detection, enabling operations to continue unnoticed until routine maintenance reveals the issue, by which time significant data loss may have occurred.
  • Shadow Encryption – An evolving approach of encrypting files in memory or using multiple encryption algorithms that attempts to make it nearly impossible to detect using traditional methods.
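
To make the "Slow and Intermittent Encryption" and "Maintaining Original Metadata" items concrete, the added example below (not Infinidat or Index Engines code, and not a description of how their product works) compares two snapshots of a file block by block and flags blocks whose content changed and became near-random. The block size, thresholds, and sample data are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

BLOCK = 4096        # analysis granularity in bytes (assumed)
HIGH_ENTROPY = 7.5  # bits/byte; ciphertext sits close to 8 (assumed threshold)
MIN_JUMP = 2.0      # required rise over the same block in the prior snapshot


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def suspicious_blocks(old: bytes, new: bytes) -> list[int]:
    """Block indexes whose content changed and became near-random."""
    hits = []
    for off in range(0, min(len(old), len(new)), BLOCK):
        a, b = old[off:off + BLOCK], new[off:off + BLOCK]
        if a != b and entropy(b) >= HIGH_ENTROPY and entropy(b) - entropy(a) >= MIN_JUMP:
            hits.append(off // BLOCK)
    return hits


def pseudo_random(n: int, seed: bytes) -> bytes:
    """Deterministic stand-in for ciphertext (constructed test data)."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(seed + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:n])


def build_snapshots() -> tuple[bytes, bytes]:
    """Constructed pair: a text file and a same-size copy with every 4th block overwritten."""
    text = "".join(f"record {i:08d},customer,balance={i * 37 % 10000}\n" for i in range(2500))
    old = text.encode()[:16 * BLOCK]
    new = bytearray(old)
    for blk in range(0, 16, 4):
        new[blk * BLOCK:(blk + 1) * BLOCK] = pseudo_random(BLOCK, b"demo%d" % blk)
    return old, bytes(new)


if __name__ == "__main__":
    old, new = build_snapshots()
    print("size changed:", len(old) != len(new))
    print("suspicious blocks:", suspicious_blocks(old, new))
```

The file size is identical in both snapshots, so a size or name check sees nothing, while the per-block comparison isolates the overwritten regions. Requiring a jump relative to the prior snapshot, not just a high absolute value, keeps already-compressed or legitimately encrypted files from being flagged on every scan.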

Because of increasingly sophisticated methods of rapidly planting the seeds of an attack and attacking data with the intent to be undiscovered, early detection is crucial to limit the impact of such attacks. In their report, Bitdefender recommends that all organizations take proactive security measures to reduce the risk of exploitation.

Infinidat understands the importance of proactive detection and response. That is why our InfiniSafe® Cyber Detection is not limited to detecting when an attack is activated. Notification and warning when an attack begins are not enough – it's too late! Proactive detection requires detection further upstream in the process to provide more time to respond.

InfiniSafe Cyber Detection is based on the sophisticated AI and content analysis of Index Engines’ CyberSense. It uses over 200 content-based analytics to examine the full content of files and database pages, looking for subtle changes over time. This proactive examination of content can identify even subtle signs of ransomware activity.

InfiniSafe Cyber Detection has been a joint effort with our partner Index Engines. Our content-based analytics utilize extensive AI training on the actual behaviors of ransomware and how they affect data content. This includes understanding patterns of corruption, encryption/decryption, and mass deletion:

  • The AI models are trained on tens of millions of data sets and have been validated against 120 million real-world samples.
  • Our solution utilizes an ensemble of 10 different machine-learning engines. These models operate independently and then perform a polling process to generate a single prediction on whether the data change is indicative of a ransomware attack.
  • The AI training process is not a one-time event. It is a continuous process, with 850+ new ransomware variants analyzed daily.

Samples from each category are launched in the lab to test against the current software version. If a new variant is not accurately detected, the system goes back into a retraining mode.

The ML engine is continuously trained with data reflecting existing and emerging ransomware corruption patterns. Index Engines validates the ML engine using approximately 15 million customer samples, and any incorrect predictions are merged back into the training data for refinement.

A final test is conducted on 30 million completely different data sets, often from real-world customer analytics, to ensure the 99.99% accuracy is maintained before a code release, as validated by leading industry analyst ESG.

As a result, this powerfully trained, highly accurate deep awareness not only enables proactive detection but gives you the confidence of knowing that your data has integrity and that cybercriminals are not circumventing your data analytics tools, hiding their tracks, and covertly corrupting your data before launching a full-scale attack.

This ends Part 1. Tune in for Part 2, which will highlight how InfiniSafe Cyber Detection not only uses AI-powered deep content analytics for proactive detection of ransomware and cyberattacks, but also uses the deep analytics to provide industry-leading forensic analysis and reporting of cyberattacks.

About Michael Colby

Michael Colby is a Product Marketing Manager at Infinidat and has been focused on the storage industry since the early days at NetApp, as a system engineer. He was also an early employee at Data Domain and spent time focused on Data Protection at Data Domain and EMC. He has also had tenures in competitive intelligence at EMC, Dell and, most recently, Pure Storage.