Date: 2023-12-22

A recent report from global cybersecurity firm Sophos has highlighted the increasing prevalence of remote encryption attacks carried out by ransomware groups. These malicious actors, including well-known groups such as Akira, ALPHV/BlackCat, LockBit, Royal, and Black Basta, are intentionally triggering remote encryption on under-protected endpoints connected to a network.

Sophos’ anti-ransomware technology, CryptoGuard, has detected a significant 62% year-over-year increase in these intentional remote encryption attacks since 2022. This technology monitors files for malicious encryption and provides immediate protection and rollback capabilities. What sets CryptoGuard apart is its unique approach of analyzing file contents to detect signs of encryption, even if malware is not present on the device.

Companies with extensive networks are particularly vulnerable to remote ransomware attacks. All it takes is one under-protected device for adversaries to compromise the entire network. Mark Loman, vice president of threat research at Sophos and co-creator of CryptoGuard, warns that remote encryption is an ongoing and steadily increasing problem for defenders.

Traditional anti-ransomware protection methods are ineffective against remote encryption attacks since they do not “see” the malicious files or their activity on remote devices. Sophos’ innovative approach focuses on the files themselves, applying mathematical scrutiny to detect signs of manipulation and encryption. This autonomous strategy does not rely on breach indicators, threat signatures, or artificial intelligence, making it highly effective in combatting remote ransomware attacks.

Over the past decade, ransomware groups have increasingly utilized remote encryption as a tactic, taking advantage of security gaps and the anonymity provided by cryptocurrencies. To combat this persistent threat, Sophos aims to level the playing field between attackers and defenders by increasing the cost and complexity of successfully encrypting data.

As remote ransomware continues to pose a significant challenge to organizations, it is crucial for defenders to implement comprehensive protection measures. Sophos’ CryptoGuard technology offers a promising solution, capable of detecting both remote attacks and those that encrypt only a fraction of a file. By raising awareness of this persistent attack method, defenders can better safeguard their devices and networks against the growing threat of remote ransomware attacks.
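To illustrate what content-based detection can look like, including the partially encrypted file mentioned above, here is an added example that is not Sophos code and does not claim to reproduce CryptoGuard's algorithm. It assumes per-block Shannon entropy as the statistical test; the block size, threshold, function names and sample data are all constructed for the illustration.

```python
import hashlib
import math

BLOCK = 4096          # analysis window in bytes (assumed value)
HIGH_ENTROPY = 7.5    # bits per byte; assumed cut-off for "looks encrypted"

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def block_entropies(data: bytes) -> list:
    return [shannon_entropy(data[i:i + BLOCK]) for i in range(0, len(data), BLOCK)]

# Comparing against the previous content keeps files that were already
# compressed or encrypted (high entropy to begin with) from alerting.
def assess_rewrite(before: bytes, after: bytes) -> dict:
    """Flag blocks that went from structured to near-random in one write."""
    old, new = block_entropies(before), block_entropies(after)
    flipped = [i for i, (o, n) in enumerate(zip(old, new)) if o < HIGH_ENTROPY <= n]
    return {"flipped_blocks": flipped,
            "fraction": len(flipped) / max(len(old), 1),
            "suspicious": bool(flipped)}

# --- constructed sample data, so the example runs offline ---
def pseudo_random(n: int, seed: bytes = b"constructed-sample") -> bytes:
    """Deterministic near-uniform bytes standing in for ciphertext."""
    chunks = (hashlib.sha256(seed + i.to_bytes(8, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(chunks)[:n]

def sample_document(blocks: int = 16) -> bytes:
    rows = b"".join(b"row %06d,alice@example.test,pending\n" % i for i in range(3000))
    return rows[:blocks * BLOCK]

def scramble_every_nth(data: bytes, every: int = 4) -> bytes:
    """Overwrite every Nth block, mimicking a file where only a fraction changed."""
    buf = bytearray(data)
    for i in range(0, len(buf), BLOCK * every):
        buf[i:i + BLOCK] = pseudo_random(BLOCK, seed=i.to_bytes(8, "big"))
    return bytes(buf)
```

Because the check looks only at file content before and after a write, it behaves the same whether the write came from a local process or over a network share, and a whole-file entropy average would have diluted the 25% of blocks that changed here.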

For more detailed information on CryptoGuard and its asymmetric approach to combating ransomware, refer to the report “CryptoGuard: An Asymmetric Approach to the Ransomware Battle” on Sophos’ official website.