Sophos [1] [3] [4] [5] [6] [7] [8], a global leader in cybersecurity [6], has observed a significant increase in remote encryption ransomware attacks [7], with a 62% annual rise [1] [4]. Notable ransomware groups [1] [2] [4] [5] [6] [7] [8], including Akira [1] [2] [4] [5], ALPHV/BlackCat [1] [2] [4] [5] [7], LockBit [1] [2] [4] [5] [7], Royal [1] [2] [4] [5] [7], and Black Basta [1] [4] [5] [7], are intentionally utilizing this technique.
Description
These attacks involve leveraging a compromised device to encrypt data on other devices within the same network [2] [3] [4] [7] [8], allowing attackers to compromise the entire network through just one vulnerable device [2]. By conducting malicious activities on an unmanaged machine [7], such as ingress, payload execution [7], and encryption [3] [7], these attacks can bypass modern security systems [7]. The use of remote encryption has become a persistent problem due to ongoing security gaps and the use of cryptocurrency by attackers.
Traditional anti-ransomware protection methods are ineffective against these attacks [3] [4] [6] [8], as they do not detect the malicious files or their activity [3] [4] [8]. However, Sophos’ innovative CryptoGuard technology analyzes the contents of files to detect ransomware activity on any device in a network [1] [4] [8], even without malware present [1] [4] [6] [8]. Sophos employs an asymmetric defense approach that focuses on protecting files to increase the cost and complexity for attackers [8].
It is crucial for defenders to be aware of this attack method in order to properly protect devices and networks. Remote encryption ransomware [1] [2] [3] [4] [5] [6] [7] [8], also known as remote ransomware [3] [6], strategically encrypts only a fraction of each file to maximize impact in minimal time [3] [5], making it harder for defenders to notice and respond to the attack [3]. Sophos’ anti-ransomware technology aims to stop both remote attacks and those that encrypt only a small portion of a file [3].
Conclusion
The rise in remote encryption ransomware attacks poses significant challenges for organizations. These attacks can bypass traditional security systems and compromise entire networks through just one vulnerable device. Sophos’ CryptoGuard technology provides an effective solution by analyzing file contents to detect ransomware activity [4] [8], even without malware present [1] [4] [6] [8]. By focusing on file protection, Sophos increases the cost and complexity for attackers [3] [4] [8]. Defenders must be aware of this attack method and implement appropriate measures to safeguard their devices and networks.
References
[1] https://beamstart.com/news/prolific-ransomware-groups-intentionally-switch-17
[2] https://thehackernews.com/2023/12/remote-encryption-attacks-surge-how-one.html
[3] https://finance.yahoo.com/news/prolific-ransomware-groups-intentionally-switch-113000004.html
[4] https://ai-techpark.com/cryptoguard-an-asymmetric-approach-to-the-ransomware-battle-sophos/
[5] https://www.techzine.eu/news/security/114574/remote-ransomware-on-the-rise-great-danger-to-data/
[6] https://www.globenewswire.com/en/news-release/2023/12/20/2799129/0/en/Prolific-Ransomware-Groups-Intentionally-Switch-On-Remote-Encryption-for-Attacks-Sophos-Finds.html
[7] https://thecyberwire.com/podcasts/daily-podcast/1971/transcript
[8] https://www.sophos.com/en-us/press/press-releases/2023/12/prolific-ransomware-groups-intentionally-switch-remote-encryption