More ransomware operations have been leveraging remote encryption to facilitate widespread network compromise, according to The Hacker News.
Such an attack technique, which has already been adopted by the ALPHV/BlackCat, Akira, LockBit, BlackMatter, and Royal ransomware gangs, has proven more successful in evading detection and process-based remediation efforts, a report from Sophos revealed.
"Companies can have thousands of computers connected to their network, and with remote ransomware, all it takes is one underprotected device to compromise the entire network. Attackers know this, so they hunt for that one 'weak spot' and most companies have at least one. Remote encryption is going to stay a perennial problem for defenders," said Sophos Vice President of Threat Research Mark Loman.
The findings signify the ongoing evolution of the ransomware landscape, with Sophos previously reporting the increasing engagement between ransomware groups and the media to not only pressure their victims but also bolster their reputation.
BleepingComputer reports that Sophos X-Ops researchers have observed numerous LockBit ransomware attacks against vulnerable ConnectWise ScreenConnect servers impacted by the CVE-2024-1708 and CVE-2024-1709 flaws since Feb. 21.