Date: 2023-12-26

According to a recent report from cybersecurity firm Sophos, attackers are increasingly using remote encryption in their ransomware attacks. The report highlights that several prominent ransomware groups, including Akira, ALPHV/BlackCat, LockBit, Royal, and Black Basta, are deliberately leveraging remote encryption to compromise networks. In remote encryption attacks, attackers exploit a compromised and often underprotected device to encrypt data on other devices connected to the same network.

Sophos’ anti-ransomware technology, CryptoGuard, has detected a significant 62% year-over-year increase in intentional remote encryption attacks since 2022. Unlike traditional anti-ransomware protection methods, CryptoGuard takes an innovative approach: it analyzes the contents of files to detect ransomware activity on any device within a network, even when no malware is present on that device.

The use of remote encryption in ransomware attacks has been growing steadily over the past decade. The rise of remote encryption can be attributed in part to ongoing security vulnerabilities within organizations worldwide and the proliferation of cryptocurrency. Attackers have realized that compromising a single underprotected device on a network can lead to the encryption of an entire network’s data.

Mark Loman, Vice President of Threat Research at Sophos and the co-creator of CryptoGuard, explains that their technology focuses on the files rather than the ransomware itself. By applying mathematical scrutiny to documents and detecting signs of manipulation and encryption, CryptoGuard aims to increase the cost and complexity of successful data encryption for attackers.

Remote ransomware poses a significant challenge to organizations and contributes to the longevity of ransomware as a whole. Attackers strategically encrypt only a portion of each file to maximize impact in minimal time, reducing the window for defenders to respond. Sophos’ anti-ransomware technology aims to combat both remote attacks and those that encrypt only a fraction of a file.
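The idea of inspecting file contents rather than the process doing the writing, and why partial encryption defeats a whole-file check, can be illustrated with per-block Shannon entropy. This is an added example, not Sophos code and not CryptoGuard's algorithm (which the report does not describe); the block size, threshold, function names and sample data are assumptions constructed for the illustration.

```python
import hashlib
import math
from collections import Counter

BLOCK = 4096          # bytes per inspected block (assumed value)
HIGH_ENTROPY = 7.5    # bits/byte treated as near-random (assumed value)

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def block_entropies(data: bytes, block: int = BLOCK) -> list[float]:
    """Entropy of each fixed-size block of the file content."""
    return [entropy(data[i:i + block]) for i in range(0, len(data), block)]

def suspicious_blocks(before: bytes, after: bytes) -> list[int]:
    """Indexes of blocks that went from structured to near-random content."""
    old, new = block_entropies(before), block_entropies(after)
    return [i for i, (o, n) in enumerate(zip(old, new))
            if o < HIGH_ENTROPY <= n]

def pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic stand-in for ciphertext (SHA-256 over a counter)."""
    out = b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
                   for i in range(n // 32 + 1))
    return out[:n]

def sample_pair() -> tuple[bytes, bytes]:
    """Constructed 64 KiB text file, and a copy with only blocks 0 and 8 overwritten."""
    line = b"2023-12-26 invoice 0042 customer=example amount=100.00 status=paid\n"
    before = (line * 1000)[:16 * BLOCK]
    after = bytearray(before)
    for idx in (0, 8):  # partial overwrite: 2 of 16 blocks
        after[idx * BLOCK:(idx + 1) * BLOCK] = pseudo_random(BLOCK)
    return before, bytes(after)

if __name__ == "__main__":
    before, after = sample_pair()
    # Whole-file entropy stays below the threshold; per-block comparison does not miss it.
    print("whole-file entropy after write:", round(entropy(after), 2))
    print("blocks that turned near-random:", suspicious_blocks(before, after))
```

Because the check compares content before and after a write, it works the same whether the write came from a local process or over a file share. Formats that are already compressed start near the threshold, so an entropy transition alone would not flag them.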

Organizations are urged to be aware of this persistent attack method and take appropriate measures to protect their devices and data. Sophos recommends implementing comprehensive cybersecurity solutions that prioritize file protection to counter the growing threat of remote encryption in ransomware attacks.