ESET machine-learning engine Augur versus the most infamous ransomware families of 2017

Ondrej Kubovič, ESET security awareness specialist

The year 2017 saw some of the most destructive cyberattacks in the history of the internet. These include damages from Diskcoder.C/NotPetya that amounted to more than $10 billion, and its better known—yet slightly less impactful—sibling, WannaCryptor.D/WannaCry, resulting in costs between $4 billion and $8 billion.

To counter threats like these, ESET has been adding new protective layers to its detection engine since the 1990s, the most recent being the machine learning-powered engine named Augur. Augur combines a set of carefully selected classification algorithms with neural networks, including LSTM and other deep-learning architectures, and is designed to achieve high detection rates while keeping false positives very low. Because it relies on an ensemble of different machine-learning methods rather than a single model, an attacker who wants to evade or poison the engine has to defeat several independent classifiers at once, which makes such attempts considerably harder than against a single-model system.

To showcase the results of Augur, we tested early builds of the engine, trained in the first months of 2017, against the most prolific ransomware strains that targeted business environments later that year. The test set included samples of Diskcoder.C/NotPetya, Diskcoder.D/BadRabbit and WannaCryptor.D/WannaCry, as well as multiple variants of Crysis ransomware.

The results show that even though the Augur model predates the malware samples by several months, the static file detection rate is high, and in some cases close to flawless. The more important lesson for every business, however, concerns the cases where a file was not flagged on disk: Augur still correctly identified the sample as malicious at the moment it was executed and its code was analyzed in the memory of the infected device. Detection at this stage gives defenders a chance to stop the threat before it can encrypt data or spread further within the company infrastructure.

We need to stress that Augur is only one of the many protective layers implemented in ESET products, and that other technologies would have stepped in if necessary.

The power of Augur is already available to ESET clients on multiple fronts. Each endpoint and device with ESET LiveGrid® enabled benefits from Augur’s ability to analyze emerging threats. And, enterprise clients have Augur at their disposal via ESET Dynamic Threat Defense (EDTD).