Date: 2023-12-27

Sophos recently released a report highlighting a growing trend among ransomware groups – the deliberate activation of remote encryption in their attacks. By leveraging compromised and under-protected endpoints, adversaries are able to encrypt data on other devices connected to the same network.

The report, titled “CryptoGuard: An Asymmetric Approach to the Ransomware Battle,” revealed that some of the most active ransomware groups, including Akira, ALPHV/BlackCat, LockBit, Royal, and Black Basta, are increasingly adopting this tactic. The number of intentional remote encryption attacks has seen a significant 62% year-over-year increase since 2022.

Traditional anti-ransomware protection methods deployed on remote devices are often ineffective against such attacks as they fail to detect the malicious files or their activities. However, Sophos’ CryptoGuard technology offers a unique and innovative solution. By analyzing file contents for signs of encryption, CryptoGuard can detect ransomware activity on any device in a network, even without the presence of malware on the device.

Sophos acquired CryptoGuard in 2015 and integrated it into all Sophos Endpoint licenses. The technology acts as a last line of defense in Sophos’ layered endpoint protection, activating only when triggered by an adversary later in the attack chain.

Mark Loman, Vice President of Threat Research at Sophos and co-creator of CryptoGuard, emphasized the importance of addressing remote encryption attacks. He highlighted that even with thousands of computers connected to a network, all it takes is one unprotected device to compromise the entire network.

To combat remote ransomware effectively, Loman emphasized the need to focus on file protection rather than solely detecting malware or execution. By scrutinizing the content of files, CryptoGuard can detect signs of manipulation and encryption, increasing the cost and complexity for attackers.
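
The content-based idea described above can be sketched as follows. This is an added example, not Sophos code: the article does not say how CryptoGuard inspects files, so the entropy and file-signature heuristics, the thresholds, and all names, addresses and sample data are assumptions made for illustration. It compares a file's content before and after a write arriving over a network share and attributes suspicious rewrites to the remote client, since no malicious process runs on the protected machine.

```python
import hashlib
import math
from collections import Counter, defaultdict

# Constructed short list of file signatures; a real deployment would use a fuller set.
MAGICS = (b"%PDF-", b"PK\x03\x04", b"\x89PNG", b"\xff\xd8\xff")

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def has_magic(data: bytes) -> bool:
    return data.startswith(MAGICS)

def looks_encrypted(before: bytes, after: bytes, high=7.2, jump=1.0) -> bool:
    """True when a rewrite turned recognisable content into near-random bytes."""
    if has_magic(after):            # still a known format (e.g. user zipped a file)
        return False
    e_after = entropy(after)
    if e_after < high:              # ordinary edit, content is still structured
        return False
    # Either entropy rose sharply, or an already-compressed format lost its header.
    return e_after - entropy(before) >= jump or has_magic(before)

def flag_remote_clients(events, threshold=3):
    """events: (client, path, before, after) tuples for writes arriving over the
    network share. Returns {client: [paths]} for clients at or above threshold."""
    hits = defaultdict(set)
    for client, path, before, after in events:
        if looks_encrypted(before, after):
            hits[client].add(path)
    return {c: sorted(p) for c, p in hits.items() if len(p) >= threshold}

def fake_ciphertext(seed: int, n: int = 4096) -> bytes:
    """Deterministic stand-in for ciphertext (SHA-256 in counter mode)."""
    blocks = (hashlib.sha256(f"{seed}:{i}".encode()).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

# Constructed sample data: addresses, paths and contents are invented for the example.
TEXT = b"Quarterly report draft. " * 170
PNG = b"\x89PNG" + fake_ciphertext(99)
SAMPLE_EVENTS = [
    ("10.0.0.7", "notes.txt", TEXT, TEXT + b"One more line.\n"),
    ("10.0.0.7", "archive.zip", TEXT, b"PK\x03\x04" + fake_ciphertext(1)),
    ("10.0.0.23", "a.pdf", b"%PDF-1.7\n" + TEXT, fake_ciphertext(2)),
    ("10.0.0.23", "b.txt", TEXT, fake_ciphertext(3)),
    ("10.0.0.23", "c.png", PNG, fake_ciphertext(4)),
]
```

Calling `flag_remote_clients(SAMPLE_EVENTS)` flags only the client that rewrote three files into near-random data; the ordinary edit and the legitimate zip from the other client are ignored.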

Remote ransomware continues to be a persistent challenge, contributing to the longevity of ransomware attacks as a whole. It is crucial for organizations to be aware of this attack method and implement robust defenses to protect their devices. With the increasing prevalence of remote encryption, it is imperative for defenders to stay vigilant and prioritize file protection to thwart these attacks successfully.