Adversarial Ransomware Evades Darktrace AI, Stays Undetected for Days
A sophisticated ransomware group altered its malware’s execution patterns just enough to slip under Darktrace’s anomaly thresholds. By applying adversarial machine‑learning techniques, the payload subtly changed network‑traffic signatures, process behaviors, and timing characteristics, keeping its activity within the baseline that the AI model considers “normal.” The evasion allowed the ransomware to propagate laterally, encrypt files, and communicate with its command‑and‑control server without triggering alerts.
The intrusion stayed hidden for several days, which gave the attackers time to exfiltrate data and issue a ransom demand before the organization found it through manual investigation. The incident shows that a single AI‑driven detection layer is not enough on its own. Defenders need complementary controls: behavior analytics that accumulate small, sustained deviations rather than judging each interval in isolation, continuous threat hunting, and regular testing of detection models against adversarial inputs crafted to sit just under their thresholds.
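The evasion described above and the "test your detectors against adversarial inputs" recommendation can both be shown with a small simulation. The following is an added example, not code from the original article and not Darktrace's model: a textbook z‑score threshold stands in for a per‑interval anomaly detector, a one‑sided CUSUM stands in for a complementary low‑signal detector, and the hourly outbound‑byte baseline, the 200 MB exfiltration target and the 0.9 safety margin are all constructed assumptions. An attacker who paces each interval just under the per‑interval limit never trips the first detector; the cumulative statistic fires within a few hours.

```python
"""Pacing around a per-interval anomaly threshold vs. a cumulative detector.

Added illustration, not code from the original article or from Darktrace.
Every number is constructed: a synthetic hourly outbound-transfer baseline for
one host, a z-score threshold standing in for "the per-interval anomaly
threshold", and a one-sided CUSUM as the complementary low-signal detector.
"""
from math import ceil
from statistics import mean, pstdev

# Constructed baseline: 24 hourly outbound-transfer totals (MB) for one host.
# Assumption: this is the window the per-interval detector learned "normal" from.
BASELINE_MB = [12, 11, 13, 10, 12, 14, 11, 12, 13, 12, 11, 12,
               13, 12, 11, 12, 14, 13, 12, 11, 12, 13, 12, 11]


def fit_baseline(samples):
    """Return (mean, population stdev) of the learned 'normal' traffic."""
    return mean(samples), pstdev(samples)


def zscore_alerts(samples, mu, sigma, k=3.0):
    """Per-interval detector: alert on any single interval above mu + k*sigma.

    Judges each interval on its own, so it has no memory of a sustained
    excess. Returns the indices of alerting intervals."""
    limit = mu + k * sigma
    return [i for i, x in enumerate(samples) if x > limit]


def cusum_alerts(samples, mu, sigma, drift=0.5, h=5.0):
    """One-sided CUSUM: accumulate standardized positive deviations minus an
    allowance `drift` (in sigma units) so ordinary jitter decays back to zero,
    and alert when the running sum exceeds `h`. This catches a small excess that
    persists interval after interval. The sum resets after each alert."""
    s = 0.0
    alerts = []
    for i, x in enumerate(samples):
        s = max(0.0, s + (x - mu) / sigma - drift)
        if s > h:
            alerts.append(i)
            s = 0.0
    return alerts


def pace_exfiltration(total_mb, mu, sigma, k=3.0, margin=0.9):
    """Adversary side: spread total_mb over as many intervals as needed so that
    every interval sits at `margin` of the per-interval limit. Returns the
    per-interval totals the host would now show (normal traffic plus exfil)."""
    limit = mu + k * sigma
    headroom = limit * margin - mu   # extra MB per interval that stays under the line
    if headroom <= 0:
        raise ValueError("no headroom under the threshold; pacing cannot evade it")
    hours = ceil(total_mb / headroom)
    return [mu + headroom] * hours


def run_adversarial_test(total_mb=200.0):
    """The 'test detection against adversarial inputs' step: feed the same paced
    traffic to both detectors and report which one fires and at which hour."""
    mu, sigma = fit_baseline(BASELINE_MB)
    paced = pace_exfiltration(total_mb, mu, sigma)
    return {
        "hours_needed": len(paced),
        "zscore_alerts": zscore_alerts(paced, mu, sigma),
        "cusum_alerts": cusum_alerts(paced, mu, sigma),
        # Sanity check: neither detector should fire on the baseline itself.
        "baseline_false_positives": (zscore_alerts(BASELINE_MB, mu, sigma)
                                     + cusum_alerts(BASELINE_MB, mu, sigma)),
    }


if __name__ == "__main__":
    r = run_adversarial_test()
    print(f"paced exfil of 200 MB takes {r['hours_needed']} h; "
          f"z-score alerts: {r['zscore_alerts']}; "
          f"CUSUM first alert at hour {r['cusum_alerts'][0]}")
```

With these constructed figures the paced transfer needs 140 hours, which is the "several days" of the story, and the z‑score detector never fires, while the CUSUM fires at hour 5 and keeps firing. The lesson is not that CUSUM is the answer; an adversary who knows `drift` and `h` can pace under those too. It is that a detector should be exercised with inputs built to sit just under its threshold before it is trusted as the only layer.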
Categories: AI Security & Threats, Malware & Ransomware