Ransomware gangs are increasingly turning to remote encryption, and that’s a huge problem
Ransomware is constantly evolving and the next step in its evolution comes in the form of remote encryption.
A new report from Sophos claims that remote encryption is a highly destructive method of ransomware attacks, and that it is becoming more popular by the day, with the company's anti-ransomware CryptoGuard technology seeing a 62% increase year on year in detects intentional attacks. remote encryption attacks.
Most of today's biggest ransomware operators, including Akira, ALPHV (AKA BlackCat), LockBit, Royal, and Black Basta, have all deliberately enabled third-party encryption for their attacks, Sophos claims.
Hunting for weak spots
So what is remote encryption? It is a form of ransomware in which threat actors use a single compromised, unprotected endpoint to encrypt data on other devices connected to the same network, the researchers explain.
âEnterprises may have thousands of computers connected to their network, and with remote ransomware, it only takes one underprotected device to compromise the entire network,â said Mark Loman, vice president, threat research at Sophos, and co-creator from CryptoGuard .
âAttackers know this, so they look for that one 'weak spot' â and most companies have at least one. Remote encryption will remain an ongoing problem for defenders, and based on the warnings we've seen, the attack method is steadily expanding.â
Remote encryption is a major problem because traditional anti-ransomware protection methods don't work well, the researchers further explained. These tools cannot 'see' the malicious files or their activity and thus cannot protect them from unauthorized encryption and possible data loss.
Although remote encryption is becoming increasingly popular these days, it is hardly a new method. In fact, it has been ten years since CryptoLocker used this asymmetric encryption method. âSince then, adversaries have been able to escalate the use of ransomware, due to pervasive, ongoing security breaches at organizations around the world and the rise of cryptocurrency,â the researchers said.