Ransomware was a major menace last year. Though full figures aren\u2019t in yet, ransomware messages rose 6,000% according to IBM Security as the WannaCry attack brought ransomware to the front pages and boardroom discussions.If you think 2018 will be any better, think again. Just as the year was starting, Google Project Zero researchers shared details about Spectre and Meltdown, two vulnerabilities in chips from Intel, AMD and ARM that affect most computers. It\u2019s a mind-blowing fact that these vulnerabilities are present in Intel CPUs built since 1995. That\u2019s over twenty years of hardware that is powering much of the world\u2019s offices, critical infrastructure and cloud environments. These are hardware bugs, errors in the physical chip itself and there are implications for all Windows, Mac and Linux systems that use the chips \u2013 and in cloud environments as well.While the chipmakers and OS creators rush to mitigate the effects of Spectre and Meltdown, the tech world is broadcasting to hackers that there\u2019s a new path for ransomware. In my "Can AI eliminate phishing,", I argued that AI-based tools were the best weapon for fighting phishing attacks. The same is true when it comes to ransomware.Why Spectre and Meltdown are bad news for ransomwareBefore we look at the solution, let\u2019s take a closer look at Spectre and Meltdown. Spectre breaks the isolation between different applications. It allows an attacker to trick \u201cgood\u201d programs, which follow best coding practices, into leaking their secrets to a \u201cbad\u201d program running on the same machine. In fact, the safety checks of \u201cbest practices\u201d increase the attack surface and may make applications more susceptible to Spectre.Meltdown breaks the isolation between user applications and the operating system. This attack allows a program to access the memory (and the private data) of other programs and the operating system.These two vulnerabilities allow a hacker to launch malicious code on a machine that can steal data from other applications, including passwords. This flaw makes multi-tenant environments (where more than one customer\u2019s or user\u2019s data and applications are being used, even those running on separate virtual machines) much less secure than previously thought. \u00a0Malicious code on one VM can now steal data from other customers\u2019 apps running in other VMs.With this data, ransomware attacks that \u201clock\u201d machines and their data from being used by their rightful owners could become much more rampant, as it will be easier to hijack access control information.What businesses can do to protect themselvesIt is believed that current antivirus programs won\u2019t detect these Spectre and Meltdown-based exploits, and log files won\u2019t demonstrate additional activity that would be deemed \u201cmalicious.\u201dAs a result, these vulnerabilities could be used to steal data, block usage, or hijack the control of these devices, impacting all industries, with critical infrastructure. For segments like healthcare and financial services, the implications are particularly worrisome.It is critical to point out, that even without Spectre and Meltdown, creating yet another set of attractive attack vectors for the bad guys to exploit, 2018 was shaping up to be a bad year for ransomware.\u00a0 The evolution of the tools and techniques leveraged in 2017 was enough to cause havoc, particularly on systems where known vulnerabilities were not fixed with necessary software updates.\u00a0 Now there are additional vulnerable pathways to pursue, and these won\u2019t be quickly or easily patched.That means we will need another wave of protection, with AI playing a key role, to do the following:Find machines that have not been patched \u2013 firmware, OS and applications. Humans are notoriously bad at finding all their unpatched machines, and making the necessary updates in a timely manner.Detect data flows out of applications that should not have access \u2013 an application launched from a website link should not be uploading sensitive employee or customer data, for example.Lock down systems that have not been patched.Detect vulnerabilities in future chip and OS designs, preventing similar future issues.Going forward, many businesses will be increasingly turning to AI to fight ransomware. Traditionally, ransomware security was based on matching viruses to a database of known malware. But AI offers a more dynamic approach that looks for telltale signs of ransomware, like a program that begins encrypting files without showing a status bar.The movement to AI-based security has already been occurring, of course. But one positive outcome of Spectre\/Meltdown is that the threat is now apparent to everyone. The solution should be, too.