• Saturday, July 27, 2024
BusinessDay

Sophos reveals 62% surge in ransomware attacks in 1yr

‘Financial sector records spike in malware attacks’

Sophos, a cybersecurity company, has disclosed a 62 percent rise in remote encryption attacks, commonly known as ransomware, within the last year.

Its latest report, titled “CryptoGuard: An Asymmetric Approach to Countering Ransomware,” identifies notable ransomware entities such as Akira, ALPHV/BlackCat, LockBit, Royal, and Black Basta as actively incorporating remote encryption techniques in their cyber attacks.

According to the report, Sophos CryptoGuard, an anti-ransomware technology acquired by Sophos in 2015, has been instrumental in monitoring malicious encryption activities, providing immediate protection, and enabling rollback capabilities even when the ransomware itself does not manifest on a protected host.

“The technology detected the alarming surge in intentional remote encryption attacks, emphasizing the critical need for advanced defense mechanisms against evolving cyber threats,” it said.

Mark Loman, Vice President of Threat Research at Sophos and co-creator of CryptoGuard, highlighted the persistent challenge posed by remote encryption attacks, stating, “Remote encryption is going to stay a perennial problem for defenders, and, based on the alerts we’ve seen, the attack method is steadily increasing.”

Ransomware attacks involve leveraging compromised and under-protected endpoints to encrypt data on other connected devices within the same network. Sophos CryptoGuard stands out by taking an innovative approach, analyzing file contents to detect signs of manipulation and encryption, even on remote devices where traditional anti-ransomware protection methods may fall short.

Loman added, “CryptoGuard does not hunt for ransomware; instead, it zeroes in on the primary targets—the files. Focusing on the files can change the power balance between the attackers and the defenders. We’re increasing the cost and complexity for the attackers to successfully encrypt data so that they will abandon their objectives. This is a part of our asymmetric defense approach strategy.”

The report traces the origin of remote encryption attacks back to CryptoLocker in 2013, the first prolific ransomware to utilise asymmetric encryption. Over the years, adversaries have exploited ongoing security gaps in organisations globally and the widespread use of cryptocurrency, escalating the prevalence of ransomware attacks.

Sophos emphasises the significance of informing defenders about the evolving tactics employed by attackers, such as strategically encrypting only a fraction of each file to maximise impact in minimal time.

“As ransomware continues to pose a significant threat to organisations worldwide, the battle against cyber threats requires a multifaceted and adaptive defense strategy,” it reports.