Cybercrooks opting for remote encryption, report shows

A new report shows that some of the most prolific ransomware groups, such as Akira, ALPHV/BlackCat, Lockbit, Royal, and Black Basta, are switching to remote encryption ransomware when carrying out attacks.

A report from Sophos has revealed how threat actors are changing their strategies. In recent years, threat actors have switched up their approach by refining ransomware-as-a-service (RaaS) models, adopting newer, sophisticated programming languages, and launching attacks at times when they are likely to go undetected.

Sophos concludes that these threat actors increasingly use remote encryption ransomware, which involves “leveraging an organization’s domain architecture to encrypt data on managed domain-joined machines.”

In these attacks, threat actors exploit a compromised or unprotected endpoint to encrypt data on other devices connected to the same network. This type of attack is particularly damaging because an organization can have a multitude of devices connected to a single network.

“All it takes is one underprotected device to compromise the entire network,” said Mark Loman, vice president of threat research at Sophos and co-creator of Cryptoguard.

As attackers are well-versed in the abhorrent art of exploiting systems, they know to look for vulnerabilities, and according to Loman, “most companies have at least one.”

These attacks are particularly troublesome as traditional anti-ransomware protection methods cannot feasibly detect malicious files or activity.

However, Sophos Cryptoguard, the software co-created by Loman, tackles remote ransomware attacks. According to Sophos, “remote detection is triggered when the ransomware is remote to the server.”

Remote ransomware is on the rise and poses a pertinent threat to organizations and companies worldwide, leaving many at risk of being exploited by threat actors. Sophos’ report aims to “inform defenders about this persistent attack method so they can properly protect devices.”
