In a report titled “CryptoGuard: An Asymmetric Approach to the Ransomware Battle,” published on December 21, 2023, by Sophos, a British-based security software and hardware company, it was discovered that a number of the most well-known and active ransomware groups, such as Akira, ALPHV/BlackCat, LockBit, Royal, and Black Basta, are purposefully using remote encryption in their attacks.
A compromised and frequently weakly protected endpoint is used by adversaries to encrypt data on other devices connected to the same network in remote encryption attacks also referred to as remote ransomware.
All Sophos Endpoint licences come with Sophos CryptoGuard, the anti-ransomware technology that Sophos acquired in 2015*. In addition to monitoring malicious file encryption, CryptoGuard offers instant protection and rollback capabilities—even in situations where the ransomware never manifests on a host that is protected.
Sophos’ layered endpoint protection includes a unique anti-ransomware technology as a last line of defence that only activates when an adversary triggers it later in the attack chain. Since 2022, CryptoGuard has observed a 62% rise in deliberate remote encryption attacks annually.
Read also: Lazarus Group causes $340 million damage in cyberattacks
The risks faced by companies
Mark Loman, vice president of threat research at Sophos and the co-creator of CryptoGuard said: “Companies can have thousands of computers connected to their network, and with remote ransomware, all it takes is one under-protected device to compromise the entire network. Attackers know this, so they hunt for that one ‘weak spot’—and most companies have at least one. Remote encryption is going to stay a perennial problem for defenders, and based on the alerts we’ve seen, the attack method is steadily increasing.”
Traditional anti-ransomware protection techniques installed on remote devices are unable to “see” the malicious files or their activity because this kind of attack entails encrypting files remotely. As a result, they are unable to shield the targets from unapproved encryption and possible data loss.
As stated in the Sophos X-Ops article, Sophos CryptoGuard technology, on the other hand, employs a novel technique to thwart remote ransomware: it examines file contents to determine whether any data has been encrypted in order to identify ransomware activity on any networked device, even if the device is malware-free.
How Sophos has grown as a company
Jan Hruska and Peter Lammer founded Sophos, which started manufacturing its first encryption and antivirus software in 1985. In the UK, the company mainly created and distributed security technologies in the late 1980s and early 1990s, including encryption tools that were accessible to the majority of users (private or business). Towards the end of the 1990s, the company focused on creating and marketing antivirus software and started an international growth initiative.
Sophos was the parent company of ActiveState, a developer of programming tools for dynamic programming languages, from September 2003 to February 2006. After ActiveState was sold to Vancouver-based venture capital firm Pender Financial in February 2006, it became an independent company.
The company purchased ENDFORCE, an Ohio-based business that created and marketed Network Access Control (NAC) and security policy compliance software, in 2007. Astaro, a privately held provider of network security products with headquarters in Wilmington, Massachusetts, USA, and Karlsruhe, Germany, was acquired by Sophos, as announced in May 2011.
While Forbes questioned the deal’s viability at the time, Astaro was the fourth-largest UTM (Unified Threat Management) vendor at the time. The Astaro UTM was later renamed as Sophos UTM by Sophos. Barricade is a start-up with a behaviour-based analytics engine that the company acquired in November 2016. A software provider of malware threat detection, prevention, and pre-breach forensic intelligence, Invincea was purchased by the company in February 2017.
Thoma Bravo paid US$3.9 billion to acquire the company in March 2020.