Unmanaged endpoints are some of the weakest links in the cybersecurity chain. Remote ransomware is one of the most serious threats to exploit these vulnerable devices.
In a remote ransomware attack, cybercriminals use compromised endpoints to encrypt data on other devices in the organization’s network. The compromised device fetches files from shared drives and folders, encrypts the data, and replaces the files with the encrypted versions.
Because the malicious activity occurs on the unmanaged endpoint, the organization’s managed devices don’t detect it. The malicious actor can bypass the target system’s defenses.
Typical security controls are incapable of stopping a remote ransomware attack from spreading throughout the IT environment because they are designed to detect malicious activity on the protected device. Most organizations will only identify a remote ransomware attack by detecting suspicious file transmissions to and from the compromised device.
How Prevalent Is Remote Ransomware?
Remote ransomware, also known as malicious remote encryption, is not new. The CryptoLocker ransomware family has used remote encryption for more than 10 years. Other common ransomware families, including LockBit, Ryuk and WannaCry, have remote ransomware capabilities. Several of the major ransomware groups, including Black Basta, BlackCat and Royal, are engaging in remote encryption attacks.
However, remote ransomware has only recently become a favored tactic among cybercriminals. As organizations became more effective at blocking traditional ransomware attacks, malicious actors began using remote ransomware to increase their effectiveness while reducing their risk. The attacker needs to gain control of only one compromised endpoint to put the entire network in jeopardy.
A 2023 Microsoft report found that 60 percent of ransomware attacks use remote encryption, and 80 percent of successful attacks originate from unmanaged endpoints. According to a Sophos report, there has been a 62 percent year-over-year increase in remote ransomware attacks detected by its software.
Securing Unmanaged Endpoints Is Key
Unmanaged devices make up about 11 percent of the typical IT environment, and organizations should act quickly to identify and secure these endpoints. Many IT asset management solutions have discovery features that can detect any device that connects to the network. Once a device is identified, the IT team can assess its security posture and install enterprise-class security tools as needed.
Enterprise mobility management (EMM) platforms can increase efficiency by automating many endpoint security tasks. These tools provide an array of functions, including mobile device management (MDM), mobile application management (MAM) and more. Administrators can set policies on a centralized console, and agent apps installed on the endpoint will enforce the policies and configure settings. This helps ensure that every device meets minimum security requirements.
IoT devices are frequent weak points because many lack any mechanism for patches and updates. They may also lack the memory or processing power to run modern security software. Organizations should isolate these devices, along with unsecured legacy systems, by segmenting the network.
Other Ways to Protect Against Remote Ransomware
Although unmanaged endpoints are the primary starting point for remote ransomware, attacks employ various techniques that require a layered security approach. Organizations should use network access control (NAC) solutions to enforce security policies across every device and user. NAC solutions monitor devices in real time to verify their security posture and deny access to those that don’t meet corporate standards.
Organizations should also implement tools that monitor network traffic for suspicious access or file activity. Next-generation firewalls (NGFWs), extended detection and response (XDR), and user and entity behavior analytics (UEBA) are among the tools that can detect the activity associated with a remote ransomware attack: a single host reading large numbers of files from shared folders and writing back renamed copies, which is the fetch-encrypt-replace pattern described above.
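The following is an added example of the network-side detection that the paragraphs above call for; it is illustrative code written for this post, not Technologent's tooling or the logic of any product named here. It assumes a constructed file-share audit log with src/user/op/path fields, made-up thresholds (five replaced files within five minutes) and constructed sample events. It flags a host that reads a file from a share and shortly afterwards either writes a copy under a derived name (doc.xlsx to doc.xlsx.lockd) or deletes the original after writing somewhere else, which is exactly the activity a managed endpoint's own controls never see.

```python
"""Flag a host that reads files from a share and writes back renamed copies.

Added example, not code from the original post. The log format (ts/src/user/
op/path fields), the thresholds and the sample events are constructed
assumptions; adapt the parser to what your file server, NGFW or XDR emits.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) op=(?P<op>[A-Z]+) path=(?P<path>\S+)$"
)

# Constructed sample: 10.0.7.4 edits one spreadsheet in place (benign), while
# unmanaged host 10.0.5.21 reads each file, writes a .lockd copy and deletes
# the original. The last file is written under an unrelated name instead.
SAMPLE_LOG = """\
2024-09-24T10:00:01Z src=10.0.7.4 user=asmith op=READ path=/finance/budget.xlsx
2024-09-24T10:00:09Z src=10.0.7.4 user=asmith op=WRITE path=/finance/budget.xlsx
2024-09-24T10:01:00Z src=10.0.5.21 user=svc_print op=READ path=/finance/q1.xlsx
2024-09-24T10:01:01Z src=10.0.5.21 user=svc_print op=WRITE path=/finance/q1.xlsx.lockd
2024-09-24T10:01:01Z src=10.0.5.21 user=svc_print op=DELETE path=/finance/q1.xlsx
2024-09-24T10:01:02Z src=10.0.5.21 user=svc_print op=READ path=/finance/q2.xlsx
2024-09-24T10:01:03Z src=10.0.5.21 user=svc_print op=WRITE path=/finance/q2.xlsx.lockd
2024-09-24T10:01:03Z src=10.0.5.21 user=svc_print op=DELETE path=/finance/q2.xlsx
2024-09-24T10:01:04Z src=10.0.5.21 user=svc_print op=READ path=/finance/q3.xlsx
2024-09-24T10:01:05Z src=10.0.5.21 user=svc_print op=WRITE path=/finance/q3.xlsx.lockd
2024-09-24T10:01:05Z src=10.0.5.21 user=svc_print op=DELETE path=/finance/q3.xlsx
2024-09-24T10:01:06Z src=10.0.5.21 user=svc_print op=READ path=/hr/handbook.docx
2024-09-24T10:01:07Z src=10.0.5.21 user=svc_print op=WRITE path=/hr/handbook.docx.lockd
2024-09-24T10:01:07Z src=10.0.5.21 user=svc_print op=DELETE path=/hr/handbook.docx
2024-09-24T10:01:08Z src=10.0.5.21 user=svc_print op=READ path=/hr/payroll.csv
2024-09-24T10:01:09Z src=10.0.5.21 user=svc_print op=WRITE path=/hr/payroll.csv.lockd
2024-09-24T10:01:09Z src=10.0.5.21 user=svc_print op=DELETE path=/hr/payroll.csv
2024-09-24T10:01:10Z src=10.0.5.21 user=svc_print op=READ path=/hr/contracts.pdf
2024-09-24T10:01:11Z src=10.0.5.21 user=svc_print op=WRITE path=/hr/8f3a21c0.enc
2024-09-24T10:01:11Z src=10.0.5.21 user=svc_print op=DELETE path=/hr/contracts.pdf
"""


def parse_events(lines):
    """Yield one dict per well-formed log line; silently skip anything else."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        yield ev


def dotted_prefixes(path):
    """'/a/b.xlsx.lockd' -> ['/a/b.xlsx', '/a/b']: names a written file may derive from."""
    parts = path.split(".")
    return [".".join(parts[:i]) for i in range(len(parts) - 1, 0, -1)]


def detect_remote_encryption(lines, window=timedelta(minutes=5), min_replaced=5):
    """Return one alert per source host that replaced at least `min_replaced`
    distinct recently-read files inside any interval of length `window`."""
    recent_reads = defaultdict(dict)  # src -> {path: ts of last READ}
    replaced = defaultdict(dict)      # src -> {original path: (ts, new suffix or None)}
    users = defaultdict(set)
    for ev in parse_events(lines):
        src, op, path, ts = ev["src"], ev["op"], ev["path"], ev["ts"]
        users[src].add(ev["user"])
        if op == "READ":
            recent_reads[src][path] = ts
        elif op == "WRITE":
            # A write to a name derived from a file this host just read
            # (q1.xlsx -> q1.xlsx.lockd) is the rename-on-encrypt signature.
            for orig in dotted_prefixes(path):
                t = recent_reads[src].get(orig)
                if t is not None and ts - t <= window:
                    replaced[src][orig] = (ts, path[len(orig):])
                    break
        elif op == "DELETE":
            # Deleting a file read moments ago covers families that store the
            # encrypted copy under an unrelated name instead of a suffix.
            t = recent_reads[src].get(path)
            if t is not None and ts - t <= window and path not in replaced[src]:
                replaced[src][path] = (ts, None)
    alerts = []
    for src, originals in replaced.items():
        stamps = sorted(t for t, _ in originals.values())
        best, lo = 0, 0  # sliding window: most replacements within `window`
        for hi in range(len(stamps)):
            while stamps[hi] - stamps[lo] > window:
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= min_replaced:
            alerts.append({
                "src": src,
                "users": sorted(users[src]),
                "replaced": best,
                "new_extensions": {ext for _, ext in originals.values() if ext},
                "first_seen": stamps[0].isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for a in detect_remote_encryption(SAMPLE_LOG.splitlines()):
        print(f"ALERT: {a['src']} ({', '.join(a['users'])}) replaced {a['replaced']} "
              f"shared files since {a['first_seen']}; new suffixes {a['new_extensions'] or 'n/a'}")
```

The benign editor never trips the rule because it writes back to the same path it read, so no derived name or delete-after-read is recorded. The alert carries the source address rather than a process name on purpose: the writing process lives on the unmanaged endpoint and is invisible to the managed fleet, so the response action that follows (quarantine the host via NAC, revoke the share session) has to key on the network identity.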
Technologent’s cybersecurity team has specific expertise in ransomware. Let us help you defend against remote ransomware and quickly detect and mitigate a successful attack.
September 24, 2024