An AI-driven Automated Tool for Effective Identification of Victims' Personal Information in Ransomware Data Breaches

Abstract

Ransomware attacks are increasingly resulting in the public leakage of sensitive personal data, affecting both individuals and organizations worldwide. Aimed to inform victims when their personal information is compromised, this paper introduces RDBAlert, a rapid and efficient practical tool that automates the extraction of multimodal personal data from ransomware leak repositories, enabling victims to mitigate damage early and take necessary precautions to protect themselves from further harm. The comprehensive and modular nature of this novel tool contributes several notable features: (i) automation of ransomware data leak detection; (ii) analysis of information in multiple formats and languages by integrating well-known OCR, text/PDF, and image recognition, as well as multimodal currently available AI-related tools; (iii) user-friendly interface for quick and efficient analysis; and (iv) ability to gather forensic evidence for studying security incidents. In addition to the flexible nature of RDBAlert–as each module can be replaced or upgraded with potentially more effective solutions without impacting the overall service–experimental results show that it is highly effective at identifying personal information, which will contribute to the mitigation of ransomware attack consequences.