Remote Ransomware Tries, Tries Again

An excerpt from the “Teacher’s Manual” (1840) by T. H. Palmer reads: “’Tis a lesson you should heed, If at first you don’t succeed, Try, try again.” While this age-old adage is routinely quoted by parents, teachers and coaches around the world to encourage someone to keep trying (because they will eventually succeed), Thirtyseven4 EDR Security is watching the same words play out in real time in the cybersecurity world, through remote ransomware.

What Is Remote Ransomware?

Remote ransomware, also known as malicious remote encryption, is an attack in which a compromised endpoint (typically a system that is inadequately secured and therefore easier to take over) is used as a launching pad to encrypt data on other devices throughout the victim’s network. The ransomware process runs only on the compromised host; it reaches the other machines’ data over network file shares, reading each file, writing back encrypted content and renaming it, so the devices whose files are lost never execute the malware themselves. The initially exploited system could be a workstation, server, laptop or mobile device, and it could be a managed or an unmanaged device. Regardless of which device is exploited, once the attacker has that foothold the rest of the network is exposed to costly follow-on actions, including encryption, remote code execution and other malicious activity. Well-known ransomware families, including Akira, BlackCat, DarkSide, LockBit, MedusaLocker, Ryuk and WannaCry, have been observed using remote encryption, and the technique is being used more often than ever before.

What is interesting about remote ransomware is that it is usually not the attackers’ first choice for encrypting a targeted network. Most of the notorious ransomware groups (such as those listed above) prefer to install the ransomware directly on the machines they intend to encrypt.

However, the organization’s security controls may thwart those initial attempts (which is a good thing!). Rather than giving up, the attackers ‘try, try again’, switching to alternative methods in further attempts to penetrate the network.

In most cases, the attackers get around the security infrastructure by identifying the network’s most easily compromised system, the “low-hanging fruit”: a device that is easy to reach, compromise or take advantage of, such as an unmanaged machine with no endpoint protection.

According to the Thirtyseven4 Threatlab, a noteworthy factor fueling the prevalence of remote ransomware is its scalability. A single unmanaged or inadequately protected endpoint can jeopardize an entire organization’s network through malicious remote encryption. Because the encrypting process runs on that poorly protected endpoint, a defense that only inspects processes on well-managed machines never sees it; to the rest of the network the attack is visible only as file writes and renames arriving over the wire at the devices being encrypted.

Thirtyseven4 EDR Security uses machine learning to detect and prevent both previously known and unknown remote ransomware. Unlike competing products that are ineffective against remote ransomware, Thirtyseven4 EDR Security, trained on large amounts of labeled data, analyzes file activity in real time for indications of malicious intent, regardless of where the processes are running. If mass encryption is detected, Thirtyseven4 immediately quarantines the affected files and contains the threat. Additional machine-learned EDR models are also used to proactively block remote devices that attempt to encrypt files on the network.
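The following is an added example, not Thirtyseven4 code and not a description of how its product works internally, of the target-side detection logic the two paragraphs above describe: a file server sees a stream of writes and renames arriving from one remote client and flags that client when it touches many distinct files within a short window and changes file extensions along the way. The audit-record format, hosts, paths, thresholds and the helper names parse_audit and detect_mass_encryption are all assumptions made for this example; the log lines are constructed.

```python
"""Flag a remote client that mass-rewrites and renames files on a share.

Added example for the article above. The audit format below is invented for
the example; adapt parse_audit() to a real source such as Windows Security
event 5145 on a file server or Samba's full_audit VFS log.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PurePosixPath

# Constructed sample audit trail: "timestamp client action path [-> newpath]".
# 10.0.0.5 is ordinary user activity. 10.0.0.7 behaves like a compromised
# endpoint that rewrites and renames one file after another over SMB.
SAMPLE_AUDIT = """
2024-05-01T09:00:01 10.0.0.5 write //fs1/hr/roster.xlsx
2024-05-01T09:00:12 10.0.0.5 write //fs1/hr/memo.docx
2024-05-01T09:03:40 10.0.0.5 write //fs1/hr/roster.xlsx
2024-05-01T09:10:00 10.0.0.7 write //fs1/finance/q1.xlsx
2024-05-01T09:10:00 10.0.0.7 rename //fs1/finance/q1.xlsx -> //fs1/finance/q1.xlsx.locked
2024-05-01T09:10:03 10.0.0.7 write //fs1/finance/q2.xlsx
2024-05-01T09:10:03 10.0.0.7 rename //fs1/finance/q2.xlsx -> //fs1/finance/q2.xlsx.locked
2024-05-01T09:10:06 10.0.0.7 write //fs1/finance/q3.xlsx
2024-05-01T09:10:06 10.0.0.7 rename //fs1/finance/q3.xlsx -> //fs1/finance/q3.xlsx.locked
2024-05-01T09:10:09 10.0.0.7 write //fs1/finance/q4.xlsx
2024-05-01T09:10:09 10.0.0.7 rename //fs1/finance/q4.xlsx -> //fs1/finance/q4.xlsx.locked
2024-05-01T09:10:12 10.0.0.7 write //fs1/finance/budget.docx
2024-05-01T09:10:12 10.0.0.7 rename //fs1/finance/budget.docx -> //fs1/finance/budget.docx.locked
2024-05-01T09:10:15 10.0.0.7 write //fs1/finance/forecast.pptx
2024-05-01T09:10:15 10.0.0.7 rename //fs1/finance/forecast.pptx -> //fs1/finance/forecast.pptx.locked
2024-05-01T09:10:18 10.0.0.7 write //fs1/finance/payroll.csv
2024-05-01T09:10:18 10.0.0.7 rename //fs1/finance/payroll.csv -> //fs1/finance/payroll.csv.locked
2024-05-01T09:10:21 10.0.0.7 write //fs1/finance/vendors.xlsx
2024-05-01T09:10:21 10.0.0.7 rename //fs1/finance/vendors.xlsx -> //fs1/finance/vendors.xlsx.locked
2024-05-01T09:10:24 10.0.0.7 write //fs1/finance/audit.pdf
2024-05-01T09:10:24 10.0.0.7 rename //fs1/finance/audit.pdf -> //fs1/finance/audit.pdf.locked
2024-05-01T09:10:27 10.0.0.7 write //fs1/finance/notes.txt
2024-05-01T09:10:27 10.0.0.7 rename //fs1/finance/notes.txt -> //fs1/finance/notes.txt.locked
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (write|rename) (.+)$")


def parse_audit(text):
    """Return (ts, client, action, path, new_path) tuples, oldest first."""
    events = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of crashing the detector
        ts, client, action, rest = m.groups()
        path, _, new_path = rest.partition(" -> ")
        events.append((datetime.fromisoformat(ts), client, action, path, new_path or None))
    events.sort(key=lambda e: e[0])  # stable: write stays before its rename
    return events


def detect_mass_encryption(text, window_s=60, file_threshold=8):
    """Return {client: (first_alert_time, distinct_files, extension_changes)}.

    A client is flagged the first time it has touched at least file_threshold
    distinct files within the last window_s seconds AND at least one of those
    operations changed a file extension (the classic ransomware rename).
    Thresholds are illustrative values chosen for this example.
    """
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # client -> deque of (ts, path, ext_changed)
    alerts = {}
    for ts, client, action, path, new_path in parse_audit(text):
        ext_changed = (action == "rename" and new_path is not None
                       and PurePosixPath(new_path).suffix != PurePosixPath(path).suffix)
        q = recent[client]
        q.append((ts, path, ext_changed))
        while q and ts - q[0][0] > window:  # drop events outside the window
            q.popleft()
        distinct = {p for _, p, _ in q}
        ext_changes = sum(1 for _, _, changed in q if changed)
        if client not in alerts and len(distinct) >= file_threshold and ext_changes:
            alerts[client] = (ts, len(distinct), ext_changes)
    return alerts


if __name__ == "__main__":
    for client, (when, files, renames) in detect_mass_encryption(SAMPLE_AUDIT).items():
        print(f"ALERT {when.isoformat()} client={client} files={files} ext_changes={renames}")
```

Run as-is, it reports 10.0.0.7 at 09:10:21, after the eighth distinct file, while 10.0.0.5 stays silent. The window and threshold are illustrative; tune them against a baseline of normal share traffic, since backup jobs and bulk copies also touch many files quickly, which is why the rule additionally requires an extension change. The rule lives on the file server because the encrypting process runs on the compromised client, which may carry no agent at all; the matching response is to cut that client's session or block its address, not only to quarantine the files already written.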

As Palmer’s proverb continues,

‘Once or twice, though you should fail,
If you would at last prevail,
Try, try again;

If we strive, ’tis no disgrace
Though we do not win the race;
What should you do in the case?
Try, try again’

With Thirtyseven4 EDR Security as your security solution of choice, attackers can try as they might. But they will not win the fight.


This article on remote ransomware originally appeared here, and is used by permission.

Steven Sundermeier, https://www.thirtyseven4.com/
Steven Sundermeier is the Owner of ThirtySeven4, a nationally-respected cyber security firm. You can visit his website at http://www.thirtyseven4.com/
