Remote Ransomware on the Rise

Attackers are increasingly encrypting files out of sight

Ransomware is one of the most significant threats facing organizations today. Battling it is no easy task, particularly given that threat actors are continually refining their techniques and approaches.

At the end of 2023, Sophos X-Ops noted a significant increase in ‘remote encryption’ attacks – where ransomware attackers breach a compromised and often under-protected endpoint to encrypt data on other devices connected to the same network.

This trend has only accelerated, with Sophos X-Ops now reporting a 50% year-over-year increase in remote ransomware attacks in 2024. That represents a 141% rise since 2022, underscoring the prevalence of this threat.

The number of remote encryption incidents (normalized as percentages) from January 2022 until December 2024.

As shown on the above chart, remote encryption was relatively low throughout 2022 and the first half of 2023, but it increased significantly in the latter half of 2023. Since then, it’s remained at relatively high levels (albeit with some ups and downs).

Rising Trend of Remote Ransomware

While remote encryption is not new, it has become increasingly common among modern ransomware groups since it can bypass many endpoint security products. That’s because the files are encrypted out of view of defensive capabilities, such as memory scanning and behavior monitoring.

Microsoft’s 2023 Digital Defense Report observed that around 60% of human-operated ransomware attacks involved remote encryption, with 80% of all compromises originating from unmanaged devices. In its 2024 report, Microsoft also found that 70% of successful attacks involved remote encryption.

Chester Wisniewski, director and global field CISO at Sophos, said, “Remote encryption has now become a standard part of ransomware groups’ bag of tricks. Every organization has blind spots and ransomware criminals are quick to exploit weaknesses once discovered. Businesses need to be hypervigilant in ensuring visibility across their entire estate and actively monitor any suspicious file activity.”

What to Do to Stay Protected?

To stay secure against remote ransomware, Sophos recommends the following:

  • Practice active asset management – Regularly track all devices and endpoints to identify vulnerabilities and unauthorized access

  • Identify unmanaged machines – Continuously scan for rogue devices that could serve as entry points for attacks

  • Use security solutions that monitor file activity – Implement tools to track file movements and transfers in real time to detect suspicious behavior

  • Practice good cybersecurity hygiene – Enforce strong passwords, regular updates, multi-factor authentication, and employee training to reduce risks
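One way to combine the "identify unmanaged machines" and "monitor file activity" recommendations, as an added example that is not Sophos code: flag any network source that modifies many distinct files on a file server within a short window, and record whether that source is in the managed-asset inventory. The record format, addresses, paths, threshold and window are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed inventory of managed hosts (assumed export from asset management).
MANAGED_HOSTS = {"10.0.0.11", "10.0.0.12"}

# Constructed file-server audit records: (timestamp, source IP, operation, path).
T0 = datetime(2024, 12, 1, 2, 0, 0)
SAMPLE_EVENTS = (
    # Unmanaged source touching six files in 25 seconds.
    [(T0 + timedelta(seconds=5 * i), "10.0.0.77", "write",
      f"/share/finance/doc{i}.xlsx") for i in range(6)]
    # Managed source writing five files, but spread over 12 minutes.
    + [(T0 + timedelta(minutes=3 * i), "10.0.0.12", "write",
        f"/share/hr/file{i}.docx") for i in range(5)]
    # Managed source with ordinary activity.
    + [(T0 + timedelta(seconds=10), "10.0.0.11", "read", "/share/finance/doc0.xlsx"),
       (T0 + timedelta(seconds=20), "10.0.0.11", "write", "/share/eng/notes.txt")]
)

def flag_remote_write_bursts(events, managed,
                             window=timedelta(seconds=60), threshold=5):
    """Return {source: {"files": n, "managed": bool}} for every source that
    modified at least `threshold` distinct files inside any `window`."""
    writes = defaultdict(list)
    for ts, src, op, path in events:
        if op in ("write", "rename"):      # modifications only, reads ignored
            writes[src].append((ts, path))
    alerts = {}
    for src, items in writes.items():
        items.sort()                        # order by timestamp
        start = 0
        for end in range(len(items)):
            # Shrink the window until it spans no more than `window`.
            while items[end][0] - items[start][0] > window:
                start += 1
            distinct = {p for _, p in items[start:end + 1]}
            if len(distinct) >= threshold:
                best = max(len(distinct), alerts.get(src, {}).get("files", 0))
                alerts[src] = {"files": best, "managed": src in managed}
    return alerts

if __name__ == "__main__":
    for src, info in flag_remote_write_bursts(SAMPLE_EVENTS, MANAGED_HOSTS).items():
        print(src, info)
```

A burst from a source with `managed` set to false is the case the article describes: file changes driven from a device that carries no endpoint protection, visible only from the file server's side.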

Learn more about remote ransomware:

How Sophos Endpoint Stops Remote Ransomware with CryptoGuard: https://www.youtube.com/watch?v=eihGJtfzD_k


Ubayd Rahman

Former Enablement Expert. Now Cloud & IT Engineer | Solutions Consultant | Pre-Sales | AWS | Networking | Security | Linux | Windows | MacOS | LMS

1 day ago

Very interesting read. I’m currently developing a solution that sits within the existing tech stack such as Splunk and CrowdStrike. It will pick up on potential attacks, fight ransomware, resolve the issue and deploy a solution, create a report and turn this into a playbook, giving you a full end to end document for cyber auditing, mentioning what needs to be done looking forwards. All serverless on AWS, involving AI and GenAI.

Moe D.

Cybersecurity | Ethical Hacker | Data Science | Videographer | M300 Pilot | Methodologist | Photographer | Free Thinker | Sigma

1 day ago

Side note: Remote ransomware **could still work in a Web 3.0 environment**, but the impact and methods might differ due to its decentralized nature. Web 3.0 emphasizes decentralization, blockchain, and user control over data, which could make ransomware attacks harder compared to centralized systems. Blockchain’s immutability makes it difficult for ransomware to encrypt data, as once written, blockchain data cannot be altered. However, ransomware could still target **user applications** (dApps) or exploit vulnerabilities in poorly coded decentralized apps. **Smart contracts**, a core feature of Web 3.0, could also be vulnerable to bugs or exploits, potentially allowing attackers to lock or manipulate contract functions for ransom. Furthermore, **phishing** and **social engineering** remain common tactics, and Web 3.0’s decentralized nature doesn’t prevent attackers from tricking users into downloading ransomware. Despite Web 3.0’s security advancements, the evolving sophistication of ransomware means it remains a potential threat, especially if new vulnerabilities are discovered in decentralized technologies.

Kishan Singh

Mobile Developer at Thoughtworks specializing in Mobile Development

1 day ago

Can we think about using NTRU encryption in this case?

Do we feel that adding a layer of MFA onto a personal device for a banking app, to add in the additional security feature which is entry only into the app using a Face ID - will this assist in lowering the risk of a personal device being infiltrated by bad actors?

Imran Dahrir

Head of Digital Marketing @ Opus Sdn Bhd | Driving Brand Visibility, Engagement, and Revenue Growth

1 day ago

This makes me think
