Remote ransomware, also known as malicious remote encryption, occurs when a compromised endpoint is used to encrypt data on other devices on the same network.
Attackers leverage compromised machines to encrypt data on managed domain-joined machines, bypassing modern security stacks. The only indication of compromise is the transmission of documents to and from other machines.
Around 80% of remote encryption compromises originate from unmanaged devices on the network, making this attack vector scalable and dangerous.
Sophos Endpoint offers industry-leading protection against malicious remote encryption with its CryptoGuard technology. Unlike other solutions, CryptoGuard analyzes file content for signs of malicious encryption, making it highly effective at stopping all forms of ransomware attacks.
CryptoGuard blocks both local and remote ransomware attacks, creates temporary backups of modified files, automatically rolls back changes, and protects the master boot record (MBR).
Sophos Network Detection and Response (NDR) can help identify unprotected devices on the network, further enhancing protection against remote ransomware attacks.
To elevate protection against remote ransomware, it is recommended to install Sophos Endpoint on all machines in the environment and deploy Sophos NDR to discover unprotected devices on the network.
Using Sophos Endpoint can significantly reduce the risk of falling victim to remote ransomware attacks. Organizations can speak with a Sophos adviser or partner to learn more and take advantage of a 30-day free trial.