Date: 2023-12-26

A recent report has uncovered a concerning trend among ransomware groups: the deliberate activation of remote encryption during cyber attacks. This method, also known as remote ransomware, allows attackers to infiltrate deep into company networks and effectively paralyze their operations.

Sophos, a leading provider of cybersecurity services, has observed a significant 62% increase in intentional remote encryption attacks since 2022. Notably, this alarming trend is being adopted by some of the most active ransomware groups, including Akira, ALPHV/BlackCat, LockBit, Royal, and Black Basta.

The effectiveness of remote encryption attacks lies in the vulnerability of underprotected endpoints within a network. With thousands of computers connected to a company’s network, it takes just one weak device to compromise the entire system. Mark Loman, Vice President of threat research at Sophos, emphasizes the severity of this issue: “Remote encryption is going to stay a perennial problem for defenders, and, based on the alerts we’ve seen, the attack method is steadily increasing.”

Traditional anti-ransomware protection methods deployed on remote devices are ill-equipped to detect and prevent remote encryption attacks. Because attackers encrypt files remotely, anti-ransomware software fails to detect the malicious activity or protect against unauthorized encryption and potential data loss.

In response to this emerging threat, Sophos has developed CryptoGuard anti-ransomware technology. Unlike conventional approaches, CryptoGuard focuses on analyzing and scrutinizing the files themselves rather than searching for indicators of breach or relying on artificial intelligence. By applying mathematical scrutiny to documents, CryptoGuard can detect signs of manipulation and encryption without network or cloud dependencies.

Furthermore, Sophos has noted that some attackers strategically encrypt only a fraction of each file to speed up the process, because data transfer over a network connection is slower. This tactic has been observed in attacks carried out by ransomware groups such as LockBit and Akira.
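As an added illustration (not from the original article, and not Sophos's CryptoGuard algorithm), the sketch below shows one common content-based check, per-chunk Shannon entropy, and why a whole-file measurement misses the partial encryption described above. The chunk size, threshold, function names and sample data are assumptions constructed for this example.

```python
import math
import random

CHUNK = 4096          # assumed inspection granularity, in bytes
HIGH_ENTROPY = 7.5    # assumed threshold, bits per byte (maximum is 8.0)

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def chunk_entropies(data: bytes, chunk: int = CHUNK) -> list:
    """Entropy of each fixed-size chunk, in file order."""
    return [shannon_entropy(data[i:i + chunk]) for i in range(0, len(data), chunk)]

def assess_write(before: bytes, after: bytes) -> dict:
    """Flag chunks that went from low to high entropy across one file write."""
    pairs = zip(chunk_entropies(before), chunk_entropies(after))
    flipped = [i for i, (old, new) in enumerate(pairs) if old < HIGH_ENTROPY <= new]
    total = max(len(after) // CHUNK, 1)
    return {"flipped_chunks": flipped,
            "fraction": len(flipped) / total,
            "suspicious": bool(flipped)}

def constructed_sample():
    """Constructed data: a 64 KiB text document whose first chunk is overwritten
    with random bytes standing in for ciphertext (1/16 of the file)."""
    line = b"Quarterly invoice 2023: customer, amount, due date, status.\n"
    before = (line * (65536 // len(line) + 1))[:65536]
    rng = random.Random(0)  # seeded so the example is reproducible
    noise = bytes(rng.getrandbits(8) for _ in range(CHUNK))
    return before, noise + before[CHUNK:]

if __name__ == "__main__":
    before, after = constructed_sample()
    # Averaged over the whole file, the single high-entropy chunk is diluted
    print("whole-file entropy after write: %.2f" % shannon_entropy(after))
    print(assess_write(before, after))
```

Formats that are already compressed (archives, most images, modern office documents) are high-entropy before any write, so a check like this one would need additional signals for those file types.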

The increasing prevalence of remote encryption attacks highlights the need for proactive and innovative cybersecurity measures. Organizations must prioritize securing their network endpoints, utilizing advanced anti-ransomware technologies, and maintaining robust data backup systems to mitigate the potentially devastating consequences of such attacks.