Multi-Part Series Examines Escalating Detection Evasion Techniques and 5 Early Warning Signs Organizations are About to be Hit by Ransomware.

Rapidly Changing Attacker Behaviors and Remote Working Signals Urgent Need to Future-Proof and Layer Security

OXFORD, U.K. — 8月 4, 2020 —

 Sophos, a global leader in next-generation cybersecurity, today published a multi-part research series on the realities of ransomware, including an industry-first detailed look at new detection evasion techniques in WastedLocker ransomware attacks that leverage the Windows Cache Manager and memory-mapped I/O to encrypt files. A complementary article examines the evasion-centric arms race of ransomware, providing a months-long review of how cybercriminals have been escalating and markedly changing evasion techniques, tactics and procedures (TTPs) since Snatch ransomware in December 2019. 

The article series also breaks down the five early warning signs organizations are about to be attacked by ransomware and why ransomware attacks continue to occur.

“The reality is, ransomware is not going away. At Sophos, we’ve seen gangs like WastedLocker taking evasive tactics to a new level and now even finding ways to bypass behavioral anti-ransomware tools. This is the latest example of attackers getting their hands dirty, using new maneuvers to manually disable software as a precursor to a full blown ransomware attack. Other stealthy activities like exfiltrating data and disabling backups are also precursors. The longer attackers are in the network, the more damage they can inflict,” said Chester Wisniewski, principal research scientist, Sophos. “This is why human intelligence and response are critical security components to detect and neutralize early indicators that an attack is underway. Organizations need to know about escalating trends and harden their perimeter by disabling remote access tools like RDP whenever possible to prevent crooks from gaining access to the network, a common denominator in many ransomware attacks that Sophos analyses.”

The combination of these changing attacker behaviors and remote and/or hybrid working environments due to the global COVID-19 pandemic is signaling an urgent need for organizations to prioritize IT security. Businesses also need to future-proof security implementations in anticipation of always-adapting adversaries, disintegrating boundaries and the expanded attack surface caused by COVID-19.

The Lineup of Sophos Research Includes

Immediate Advice for Defenders

  • Shut down internet-facing remote desktop protocol (RDP) to deny cybercriminals access to networks
  • If you need access to RDP, put it behind a VPN connection
  • Use layered security to prevent, protect and detect cyberattacks, including endpoint detection and response (EDR) capabilities and managed response teams who watch networks 24/7
  • Be aware of the five early indicators an attacker is present to stop ransomware attacks

Researchers from SophosLabs and Sophos Managed Threat Response contributed to the series. For additional information, please reference SophosLabs Uncut and Sophos News.

ソフォスについて

ソフォスは、サイバーセキュリティ業界のリーダー企業として、AI を駆使したプラットフォームや精鋭スタッフによるサービスを世界中の 600,000社以上のお客様にご利用いただいています。セキュリティの成熟度にかかわらず、あらゆるお客様のご要望にお応えし、サイバー攻撃を撃退すべくお客様とともに成長を続けています。機械学習や、自動化、リアルタイムの脅威インテリジェンスに、Sophos X-Ops の最前線スタッフから得た専門知識を組み合わせて、高度な脅威監視、検出、対応を 24時間 365日体制で行っています。
ソフォスは、業界最先端の MDR (managed detection and response) を提供しているのに加えて、エンドポイントをはじめ、ネットワーク、メール、クラウドセキュリティ、XDR (extended detection and response)、ITDR (identity threat detection and response)、次世代の SIEM まで、サイバーセキュリティテクノロジーのあらゆるラインナップを取り揃えています。さらに、専門家によるアドバイザリーサービスも提供しており、組織はこれらを組み合わせて利用することで、リスクをあらかじめ減らし、迅速な対応をとれるようになるだけでなく、進化し続ける脅威の一歩先をいくために必要な可視性および拡張性を確保することが可能となります。
ソフォスは、グローバルに広がるパートナーエコシステムを通じて市場展開しており、お客様は、MSP (Managed Service Provider)、MSSP (Managed Security Service Provider) や、リセラー、ディストリビューターのほか、マーケットプレイスにおける統合、ソフォスのサイバーリスクパートナーまで、信頼できる関係性を自由にお選びいただけます。  ソフォス本社は英国のオックスフォードにあります。詳細については www.sophos.com をご覧ください。