Ransomware is constantly evolving, and the next step in its evolution comes in the form of remote encryption.
A new report from Sophos has claimed, remote encryption is a super destructive method of ransomware attack, and it’s growing more popular by the day, with the company’s anti-ransomware CryptoGuard technology detecting a 62% increase, year-on-year, in intentional remote encryption attacks.
Most of the biggest ransomware operators today, including Akira, ALPHV (AKA BlackCat), LockBit, Royal, and Black Basta, have all deliberately switched on remote encryption for their attacks, Sophos claims.
Hunting weak spots
So what is remote encryption? It’s a form of ransomware in which threat actors leverage a single compromised, unprotected endpoint to encrypt data on other devices connected to the same network, the researchers explained.
“Companies can have thousands of computers connected to their network, and with remote ransomware, all it takes is one underprotected device to compromise the entire network,” said Mark Loman, vice president, threat research at Sophos, and the co-creator of CryptoGuard.
“Attackers know this, so they hunt for that one ‘weak spot’ – and most companies have at least one. Remote encryption is going to stay a perennial problem for defenders, and, based on the alerts we’ve seen, the attack method is steadily increasing.”
Remote encryption is a major issue because traditional anti-ransomware protection methods don’t work well, the researchers further explained. These tools can’t “see” the malicious files, or their activity, and thus cannot protect them from unauthorized encryption and potential data loss.
While remote encryption is gaining in popularity today, it’s hardly a new method. In fact, it was a decade ago that CryptoLocker utilized this method with asymmetric encryption. “Since then, adversaries have been able to escalate the use of ransomware, due to ubiquitous, ongoing security gaps at organizations worldwide and the advent of cryptocurrency,” the researchers added.