Tuesday, 22nd September 2020

Sophos reports on the realities of ransomware

Sophos has published a multi-part research series on the realities of ransomware, including an industry-first detailed look at new detection evasion techniques in WastedLocker ransomware attacks that leverage the Windows Cache Manager and memory-mapped I/O to encrypt files. A complementary article examines the evasion-centric arms race of ransomware, providing a months-long review of how cybercriminals have been escalating and markedly changing evasion techniques, tactics and procedures (TTPs) since Snatch ransomware in December 2019.

The article series also breaks down the five early warning signs organizations are about to be attacked by ransomware and why ransomware attacks continue to occur.


“The reality is, ransomware is not going away. At Sophos, we’ve seen gangs like WastedLocker taking evasive tactics to a new level and now even finding ways to bypass behavioral anti-ransomware tools. This is the latest example of attackers getting their hands dirty, using new maneuvers to manually disable software as a precursor to a full blown ransomware attack. Other stealthy activities like exfiltrating data and disabling backups are also precursors. The longer attackers are in the network, the more damage they can inflict,” said Chester Wisniewski, principal research scientist, Sophos. “This is why human intelligence and response are critical security components to detect and neutralize early indicators that an attack is underway. Organizations need to know about escalating trends and harden their perimeter by disabling remote access tools like RDP whenever possible to prevent crooks from gaining access to the network, a common denominator in many ransomware attacks that Sophos analyses.”


The combination of these changing attacker behaviors and remote and/or hybrid working environments due to the global COVID-19 pandemic is signaling an urgent need for organizations to prioritize IT security. Businesses also need to future-proof security implementations in anticipation of always-adapting adversaries, disintegrating boundaries and the expanded attack surface caused by COVID-19.

CipherTrust Data Security Platform enables businesses to discover, protect and control sensitive dat...
Cybersecurity remains a top priority for SMBs worldwide, as revealed in a survey conducted by Vanson...
F-Secure’s attack landscape update highlights attackers’ strategies to capitalize on the COVID-19 pa...
Latest research from Neustar reveals rise in intensity, sophistication and volume of DDoS attacks am...
Only 12% of chief information security officers (CISOs) excel in all four categories of the Gartner...
Research by Egress reveals organisations suffer outbound email data breaches approximately every 12...
Attivo Networks has published the results of a new research report conducted with Kevin Fiscus of De...
The recent Kaspersky report ‘State of Industrial Cybersecurity in the Era of Digitalisation’ has rev...