Connect with us

Hi, what are you looking for?

HEADLINES

Sophos reports on realities of ransomware

Sophos, a global player in next-generation cybersecurity, published a multi-part research series on the realities of ransomware, including an industry-first detailed look at new detection evasion techniques in WastedLocker ransomware attacks that leverage the Windows Cache Manager and memory-mapped I/O to encrypt files.

Sophos, a global player in next-generation cybersecurity, published a multi-part research series on the realities of ransomware, including an industry-first detailed look at new detection evasion techniques in WastedLocker ransomware attacks that leverage the Windows Cache Manager and memory-mapped I/O to encrypt files.

A complementary article examines the evasion-centric arms race of ransomware, providing a months-long review of how cybercriminals have been escalating and markedly changing evasion techniques, tactics and procedures (TTPs) since Snatch ransomware in December 2019. 

“The reality is, ransomware is not going away. At Sophos, we’ve seen gangs like WastedLocker taking evasive tactics to a new level and now even finding ways to bypass behavioral anti-ransomware tools. This is the latest example of attackers getting their hands dirty, using new maneuvers to manually disable software as a precursor to a full blown ransomware attack. Other stealthy activities like exfiltrating data and disabling backups are also precursors. The longer attackers are in the network, the more damage they can inflict,” said Chester Wisniewski, principal research scientist, Sophos. “This is why human intelligence and response are critical security components to detect and neutralize early indicators that an attack is underway. Organizations need to know about escalating trends and harden their perimeter by disabling remote access tools like RDP whenever possible to prevent crooks from gaining access to the network, a common denominator in many ransomware attacks that Sophos analyses.”

The combination of these changing attacker behaviors and remote and/or hybrid working environments due to the global COVID-19 pandemic is signaling an urgent need for organizations to prioritize IT security. Businesses also need to future-proof security implementations in anticipation of always-adapting adversaries, disintegrating boundaries, and the expanded attack surface caused by COVID-19.

Advertisement. Scroll to continue reading.

The lineup of Sophos research includes

Immediate advice for defenders

  • Shut down internet-facing remote desktop protocol (RDP) to deny cybercriminals access to networks
  • If you need access to RDP, put it behind a VPN connection
  • Use layered security to prevent, protect and detect cyberattacks, including endpoint detection and response (EDR) capabilities and managed response teams who watch networks 24/7
  • Be aware of the five early indicators an attacker is present to stop ransomware attacks

Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

HEADLINES

In 2024, Converge blocked a record 183 billion entry attempts to  683,000 URLs / domains it has registered in its system as illegal sites....

HEADLINES

HP threat researchers observed large campaigns spreading VIP Keylogger and 0bj3ctivityStealer malware that leverage the same techniques and loaders, suggesting the use of malware...

HEADLINES

Task scammers often impersonate representatives of notable brands such as Shopee Mall or Shopee’s HR Recruitment Team, luring victims with fake part-time or full-time...

HEADLINES

Palo Alto Networks predicts that 2025 is the year deepfakes go mainstream in Asia Pacific. If high-profile individuals can fall victim to identity fraud, children...

HEADLINES

Data privacy is more critical than ever, especially when social media platforms, AI chatbots and connected devices have increased publicly available digital footprints. This...

HEADLINES

The all-cash transaction values Secureworks at approximately $859 million. With the completion of the acquisition, Secureworks’ common stock has ceased trading on Nasdaq. Sophos...

HEADLINES

Acting on reports about a suspicious message urging customers to click a malicious link to redeem ‘Smart points’, the telco quickly sprang into action...

HEADLINES

Likening the Converge network to a digital fortress, CISO Andrew T.  Malijan said that its battlements were strengthened in 2024 as it blocked a...

Advertisement