Date: 2023-12-27

Sophos, a leading cybersecurity provider, has recently unveiled alarming findings in its report titled “CryptoGuard: An Asymmetric Approach to the Ransomware Battle.” The report highlights a concerning surge in intentional remote encryption attacks carried out by prominent ransomware groups such as Akira, ALPHV/BlackCat, LockBit, Royal, and Black Basta. These attackers have been deliberately leveraging compromised and underprotected endpoints to initiate remote ransomware attacks.

Remote encryption attacks, also known as remote ransomware attacks, involve the encryption of data on connected devices through a compromised endpoint. Sophos’ CryptoGuard, an anti-ransomware technology included in all Sophos Endpoint licenses, has detected a significant 62% year-over-year increase in intentional remote encryption attacks since 2022.

Mark Loman, the Vice President of Threat Research at Sophos, emphasized the vulnerability posed by these attacks, stating that “all it takes is one underprotected device to compromise the entire network.” Loman further explained that traditional anti-ransomware protection methods fail to detect and protect against remote ransomware attacks since the malicious files and their activity are not visible on the remote devices.

However, Sophos’ innovative approach with CryptoGuard focuses on analyzing the contents of files to identify any signs of encryption, allowing it to detect ransomware activity on any device within a network. This approach remains effective even if there is no malware present on the device.

The rise of remote encryption attacks can be traced back to the first prolific ransomware, CryptoLocker, which emerged in 2013. Adversaries have since escalated the use of ransomware due to security vulnerabilities in organizations worldwide, as well as advancements in cryptocurrency.

Sophos’ CryptoGuard stands out from other solutions by targeting the files themselves rather than hunting for ransomware. By scrutinizing the documents and detecting signs of manipulation and encryption, CryptoGuard disrupts the attackers’ objectives. This approach, according to Sophos, changes the power balance between attackers and defenders, increasing the complexity and cost for attackers to successfully encrypt data.
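To make the idea of judging a write by its content concrete, the following is an added sketch and not Sophos code or a description of how CryptoGuard is implemented. It assumes a detector that can see a file's bytes before and after a rewrite; the thresholds, the function names and the sample data are all constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# Assumed thresholds for this sketch, not values from the Sophos report.
HIGH_ENTROPY = 7.5  # bits per byte; ciphertext sits close to 8.0
MIN_JUMP = 2.0      # required rise over the previous content
MIN_SIZE = 1024     # small buffers give unreliable entropy estimates
# A few well-known file signatures; an encrypting rewrite destroys them.
MAGIC = (b"%PDF-", b"PK\x03\x04", b"\x89PNG\r\n\x1a\n", b"\xff\xd8\xff")

def shannon_entropy(data: bytes) -> float:
    """Entropy of the byte distribution in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def lost_signature(before: bytes, after: bytes) -> bool:
    """True if the old content began with a known signature and the new one does not."""
    return any(before.startswith(m) and not after.startswith(m) for m in MAGIC)

def looks_encrypted(before: bytes, after: bytes) -> bool:
    """Judge one rewrite from content alone; compressed files show no
    entropy jump, so the lost-header check covers that case."""
    if len(after) < MIN_SIZE:
        return False
    h_after = shannon_entropy(after)
    if h_after < HIGH_ENTROPY:
        return False
    jumped = h_after - shannon_entropy(before) >= MIN_JUMP
    return jumped or lost_signature(before, after)

def pseudo_ciphertext(length: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic stand-in for ciphertext (SHA-256 in counter mode)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])

# Constructed sample data: a text document and a compressed archive body.
REPORT = b"Quarterly revenue figures for the finance team.\n" * 100
ARCHIVE = b"PK\x03\x04" + pseudo_ciphertext(4096, b"archive-body")

if __name__ == "__main__":
    for name, old in (("report", REPORT), ("archive", ARCHIVE)):
        new = pseudo_ciphertext(len(old), b"after-" + name.encode())
        print(name, looks_encrypted(old, new))
```

Nothing in the check depends on which process or host performed the write, which is why a content-based test still applies when the encrypting process runs on a different machine. A single hit is weak evidence, since freshly created archives and media files also score high, so a practical detector would count hits across many files before acting.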

Given the prominence and impact of remote ransomware attacks, Sophos urges organizations to implement proper protection measures. The company aims to raise awareness and equip defenders with the knowledge necessary to safeguard their devices against this persistent threat.