SecurityBrief India - Technology news for CISOs & cybersecurity decision-makers

Spike in remote ransomware attacks reported by Sophos

Today

Sophos has released research highlighting the significant rise in remote ransomware attacks, which encrypt data across networks from unmanaged and unprotected devices.

According to Sophos X-Ops, remote ransomware incidents have increased by 141% since 2022 and by 50% in 2024 alone. Although this type of ransomware attack is not new, it has become more prevalent among ransomware groups due to its capability to bypass endpoint security measures.

Remote encryption attacks typically compromise an unmanaged or insufficiently protected endpoint and use this entry point to encrypt data on managed, domain-joined systems. This method allows attackers to evade some security products: the malicious activity runs on the remote, unmonitored device, so it does not trigger indicators of a breach on the intended target devices.

Microsoft's 2023 Digital Defense Report revealed that approximately 60% of human-operated ransomware attacks involved remote encryption, with 80% originating from unmanaged devices. By the following year, Microsoft's findings showed that 70% of successful ransomware attacks were conducted via remote encryption.

Chester Wisniewski, Director and Global Field CISO at Sophos, remarked on this emerging trend: "Remote encryption has now become a standard part of ransomware groups' bag of tricks. Every organisation has blind spots, and ransomware criminals are quick to exploit weaknesses once they are discovered. Increasingly the criminals are seeking out these dark corners and using them as camouflage. Businesses need to be hypervigilant in ensuring visibility across their entire estate and actively monitor any suspicious file activity."

The analysis from Sophos X-Ops suggests remote encryption activity was notably lower through 2022 and the first half of 2023. However, it escalated considerably in the second half of 2023 and has remained generally high since, despite fluctuations.

This increase in remote ransomware attacks signifies a challenging landscape, as attackers can compromise several endpoints through a single vulnerable machine. The encryption occurs stealthily, with unencrypted data leaving servers and returning encrypted, concealed from local security scans and monitoring activities.

Sophos recommends several strategies to help protect against remote ransomware. These include active asset management to find and manage unmanaged devices, employing security solutions to oversee file contents and network exchanges, and maintaining solid cybersecurity practices.
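
The Python example below is added here and is not code from Sophos or from the original article. It combines two of the recommendations above, asset inventory and file-activity monitoring, by flagging sources outside the managed inventory that rewrite many distinct files on a share in a short window. The event format, addresses, paths, window and threshold are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed inventory of managed, agent-protected hosts (hypothetical addresses).
MANAGED = {"10.0.1.10", "10.0.1.11"}

# Constructed file-server audit events: (timestamp, source address, path, operation).
T0 = datetime(2024, 1, 1, 9, 0, 0)
EVENTS = (
    # Managed workstation saving a few reports over an hour.
    [(T0 + timedelta(minutes=20 * i), "10.0.1.10", f"//fs01/finance/report{i}.xlsx", "write")
     for i in range(3)]
    # Unmanaged device rewriting 12 distinct files within one minute.
    + [(T0 + timedelta(seconds=5 * i), "10.0.9.77", f"//fs01/finance/doc{i}.docx", "write")
       for i in range(12)]
    # Unmanaged device with slow, low-volume writes (should not be flagged).
    + [(T0 + timedelta(hours=i), "10.0.9.80", f"//fs01/public/note{i}.txt", "write")
       for i in range(4)]
)


def flag_unmanaged_bulk_writers(events, managed,
                                window=timedelta(minutes=2), threshold=10):
    """Return {source: peak distinct files written within `window`} for
    sources absent from the managed inventory that reach `threshold`."""
    by_src = defaultdict(list)
    for ts, src, path, op in events:
        if op == "write" and src not in managed:
            by_src[src].append((ts, path))

    flagged = {}
    for src, writes in by_src.items():
        writes.sort()
        start, peak = 0, 0
        for end in range(len(writes)):
            # Slide the window start forward until it spans at most `window`.
            while writes[end][0] - writes[start][0] > window:
                start += 1
            peak = max(peak, len({p for _, p in writes[start:end + 1]}))
        if peak >= threshold:
            flagged[src] = peak
    return flagged


if __name__ == "__main__":
    for src, peak in flag_unmanaged_bulk_writers(EVENTS, MANAGED).items():
        print(f"ALERT unmanaged source {src}: {peak} files rewritten in window")
```

The check runs on the file server's own view of who wrote what, which is the vantage point that remains available when the encrypting process lives on a device with no endpoint agent.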
