Skip to main content

Media Alert: Sophos Reports on the Realities of Ransomware

Written by Customer Service on . Posted in Public Companies.

Multi-Part Series Examines Escalating Detection Evasion Techniques and 5 Early Warning Signs Organizations are About to be Hit by Ransomware
Rapidly Changing Attacker Behaviors and Remote Working Signals Urgent Need to Future-Proof and Layer SecurityOXFORD, United Kingdom, Aug. 04, 2020 (GLOBE NEWSWIRE) — Sophos, a global leader in next-generation cybersecurity, today published a multi-part research series on the realities of ransomware, including an industry-first detailed look at new detection evasion techniques in WastedLocker ransomware attacks that leverage the Windows Cache Manager and memory-mapped I/O to encrypt files. A complementary article examines the evasion-centric arms race of ransomware, providing a months-long review of how cybercriminals have been escalating and markedly changing evasion techniques, tactics and procedures (TTPs) since Snatch ransomware in December 2019.The article series also breaks down the five early warning signs organizations are about to be attacked by ransomware and why ransomware attacks continue to occur.“The reality is, ransomware is not going away. At Sophos, we’ve seen gangs like WastedLocker taking evasive tactics to a new level and now even finding ways to bypass behavioral anti-ransomware tools. This is the latest example of attackers getting their hands dirty, using new maneuvers to manually disable software as a precursor to a full blown ransomware attack. Other stealthy activities like exfiltrating data and disabling backups are also precursors. The longer attackers are in the network, the more damage they can inflict,” said Chester Wisniewski, principal research scientist, Sophos. “This is why human intelligence and response are critical security components to detect and neutralize early indicators that an attack is underway. Organizations need to know about escalating trends and harden their perimeter by disabling remote access tools like RDP whenever possible to prevent crooks from gaining access to the network, a common denominator in many ransomware attacks that Sophos analyses.”The combination of these changing attacker behaviors and remote and/or hybrid working environments due to the global COVID-19 pandemic is signaling an urgent need for organizations to prioritize IT security. Businesses also need to future-proof security implementations in anticipation of always-adapting adversaries, disintegrating boundaries and the expanded attack surface caused by COVID-19.The Lineup of Sophos Research IncludesWastedLocker’s techniques point to a familiar heritageRansomware’s evasion-centric arms race5 signs you’re about to be hit by ransomwareThe realities of ransomware: extortion goes socialRansomware: why it’s not just a passing fadImmediate Advice for DefendersShut down internet-facing remote desktop protocol (RDP) to deny cybercriminals access to networksIf you need access to RDP, put it behind a VPN connectionUse layered security to prevent, protect and detect cyberattacks, including endpoint detection and response (EDR) capabilities and managed response teams who watch networks 24/7Be aware of the five early indicators an attacker is present to stop ransomware attacksResearchers from SophosLabs and Sophos Managed Threat Response contributed to the series. For additional information, please reference SophosLabs Uncut and Sophos News.Additional ResourcesRead about additional ransomware and security news on Naked Security Learn about the threat landscape and trends in 2020 in the SophosLabs Threat ReportConnect with Sophos on TwitterLinkedInFacebook, Spiceworks, and YouTubeSophos Resources Related to Cybersecurity During The COVID-19 CrisisSophosLabs has uncovered a variety of different malicious email campaigns connected to COVID-19, as detailed in the SophosLabsUncut blog. Follow the SophosLabs Twitter feed for breaking SophosLabs discoveries: @SophosLabsSophos News provides tips and free resources as people navigate the work-from-home tech/security gauntlet: Cybersecurity guidance during the coronavirus pandemicNaked Security provided security tips on remote working, safe video conferencing and more, plus the latest industry news. Click for easy access to all Naked Security coronavirus-related articlesAbout Sophos
As a worldwide leader in next-generation cybersecurity, Sophos protects more than 400,000 organizations of all sizes in more than 150 countries from today’s most advanced cyber threats. Powered by SophosLabs – a global threat intelligence and data science team – Sophos’ cloud-native and AI-powered solutions secure endpoints (laptops, servers and mobile devices) and networks against evolving cyberattack techniques, including ransomware, malware, exploits, data exfiltration, active-adversary breaches, phishing, and more. Sophos Central, a cloud-native management platform, integrates Sophos’ entire portfolio of next-generation products, including the Intercept X endpoint solution and the XG next-generation firewall, into a single “synchronized security” system accessible through a set of APIs. Sophos has been driving a transition to next-generation cybersecurity, leveraging advanced capabilities in cloud, machine learning, APIs, automation, managed threat response, and more, to deliver enterprise-grade protection to any size organization. Sophos sells its products and services exclusively through a global channel of more than 53,000 partners and managed service providers (MSPs). Sophos also makes its innovative commercial technologies available to consumers via Sophos Home. The company is headquartered in Oxford, U.K. More information is available at www.sophos.com.

Disclaimer & Cookie Notice

Welcome to GOLDEA services for Professionals

Before you continue, please confirm the following:

Professional advisers only

I am a professional adviser and would like to visit the GOLDEA CAPITAL for Professionals website.

Important Notice for Investors:

The services and products offered by Goldalea Capital Ltd. are intended exclusively for professional market participants as defined by applicable laws and regulations. This typically includes institutional investors, qualified investors, and high-net-worth individuals who have sufficient knowledge, experience, resources, and independence to assess the risks of trading on their own.

No Investment Advice:

The information, analyses, and market data provided are for general information purposes only and do not constitute individual investment advice. They should not be construed as a basis for investment decisions and do not take into account the specific investment objectives, financial situation, or individual needs of any recipient.

High Risks:

Trading in financial instruments is associated with significant risks and may result in the complete loss of the invested capital. Goldalea Capital Ltd. accepts no liability for losses incurred as a result of the use of the information provided or the execution of transactions.

Sole Responsibility:

The decision to invest or not to invest is solely the responsibility of the investor. Investors should obtain comprehensive information about the risks involved before making any investment decision and, if necessary, seek independent advice.

No Guarantees:

Goldalea Capital Ltd. makes no warranties or representations as to the accuracy, completeness, or timeliness of the information provided. Markets are subject to constant change, and past performance is not a reliable indicator of future results.

Regional Restrictions:

The services offered by Goldalea Capital Ltd. may not be available to all persons or in all countries. It is the responsibility of the investor to ensure that they are authorized to use the services offered.

Please note: This disclaimer is for general information purposes only and does not replace individual legal or tax advice.