{"id":23544,"date":"2023-12-07T05:20:57","date_gmt":"2023-12-07T13:20:57","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2023\/12\/07\/news-17274\/"},"modified":"2023-12-07T05:20:57","modified_gmt":"2023-12-07T13:20:57","slug":"news-17274","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2023\/12\/07\/news-17274\/","title":{"rendered":"Sophos Endpoint: Industry-leading protection against remote ransomware attacks"},"content":{"rendered":"

<\/p>\n

Credit to Author: Sally Adam| Date: Thu, 07 Dec 2023 10:25:16 +0000<\/strong><\/p>\n

\n

Around 60% of human-operated ransomware attacks now involve malicious remote encryption<\/a>. Read on to learn about this prevalent ransomware attack vector and Sophos\u2019 industry-leading protection capabilities.<\/p>\n

What is remote ransomware?<\/h2>\n

Remote ransomware, also known as malicious remote encryption, is when a compromised endpoint is used to encrypt data on other devices on the same network.<\/strong><\/p>\n

In human-led attacks, adversaries typically try to deploy ransomware directly to the machines they want to encrypt. If their initial attempt is blocked (for example, by security technologies on the target devices) they rarely give up, choosing instead to pivot to an alternative approach and try again, and again.<\/p>\n

Once attackers succeed in compromising a machine they can leverage the organization\u2019s domain architecture to encrypt data on managed domain-joined machines. All the malicious activity \u2013 ingress, payload execution, and encryption \u2013 occurs on the already-compromised machine, therefore bypassing modern security stacks. The only indication of compromise is the transmission of documents to and from other machines.<\/p>\n

Eighty percent of remote encryption compromises originate from unmanaged devices on the network<\/a>, although some start on under protected machines that lack the defenses needed to stop attackers getting onto the device.<\/p>\n

Why is remote ransomware so prevalent?<\/h2>\n

A key factor driving the widespread use of this approach is its scalability: A single unmanaged or under-protected endpoint can expose an organization\u2019s entire estate to malicious remote encryption, even if all the other devices are running a next-gen endpoint security solution.<\/p>\n

To make matters worse, adversaries are not limited in their choice of ransomware variant for these attacks. A wide range of well-known ransomware families support remote malicious encryption, including Akira, BitPaymer, BlackCat, BlackMatter, Conti, Crytox, DarkSide, Dharma, LockBit, MedusaLocker, Phobos, Royal, Ryuk, and WannaCry.<\/p>\n

Furthermore, most endpoint security products are ineffective in this scenario because they focus on detecting malicious ransomware files and processes on the protected endpoint<\/em>. However, with remote encryption attacks, the processes run on the compromised machine, leaving the endpoint protection blind to the malicious activity.<\/p>\n

Fortunately, Sophos Endpoint includes robust protection against malicious remote encryption, powered by our industry-leading CryptoGuard protection.<\/p>\n

Sophos CryptoGuard: Industry-leading, universal ransomware protection<\/h2>\n

Sophos Endpoint contains multiple layers of protection that defend organizations from ransomware, including CryptoGuard, our unique anti-ransomware technology that is included in all Sophos Endpoint subscriptions.<\/p>\n