Sophos Unleashes CryptoGuard: Fortifying Cyber Defense Against Escalating Remote Encryption Threats

Sophos introduces CryptoGuard, a cutting-edge defense against rising remote encryption attacks, as ransomware groups strategically exploit compromised endpoints. The proprietary technology detects and counters intentional remote encryption, and its detections of such attacks have risen 62% YoY since 2022.


4 January 2024 – Sophos, a global leader in cybersecurity, recently released a groundbreaking report titled “CryptoGuard: An Asymmetric Approach to the Ransomware Battle.” The report highlights a concerning trend where prominent ransomware groups, including Akira, ALPHV/BlackCat, LockBit, Royal, and Black Basta, are strategically employing remote encryption attacks. These attacks, also known as remote ransomware, exploit compromised endpoints to encrypt data on connected network devices. Sophos’ proprietary CryptoGuard technology, acquired in 2015, emerges as a robust defense mechanism; it has seen a 62% year-over-year increase in detections of intentional remote encryption attacks since 2022.

The report underscores the critical role CryptoGuard plays as the last line of defense in Sophos’ layered endpoint protection. This anti-ransomware technology monitors for malicious encryption of files, providing immediate protection and rollback capabilities, even in scenarios where the ransomware does not appear on the protected host. Unlike traditional methods, CryptoGuard analyzes file contents to detect ransomware activity on any device in a network, irrespective of whether malware is present.

Mark Loman, Vice President of Threat Research at Sophos and co-creator of CryptoGuard, emphasizes the perpetual challenge remote ransomware poses to organizations. He explains that by zeroing in on the primary targets – the files themselves – CryptoGuard disrupts the attackers’ playbook, increasing the cost and complexity of successfully encrypting data.

Remote ransomware, a persistent issue for organizations, has contributed to the prolonged existence of ransomware threats globally. Sophos hopes to empower defenders with insights into this evolving attack method, enabling them to safeguard their devices effectively.

Author: Terry KS
