Ransomware Attacks Increasingly Target Endpoints with Remote Encryption

Cybercriminals never stop changing their techniques to evade defenses. Ransomware remains a favored form of attack, with variants that target Windows, Linux and virtual machines. Increasingly, ransomware gangs are attacking endpoints and using remote encryption to compromise the entire IT environment.

According to a 2023 report from Microsoft, 60 percent of ransomware attacks use remote encryption. This technique allows the attackers to minimize their footprint and stay a step ahead of law enforcement. It is also highly effective given that endpoints are often a security weak spot.

The Microsoft report found that 80 percent of successful attacks originated on unmanaged devices. These devices connect to the company network but don’t have company-controlled security measures. Because the malicious activity occurs on an unmanaged device, managed systems in the IT environment cannot detect it. Typical remediation processes are ineffective.

What Is Remote Encryption?

As the name suggests, remote encryption uses a compromised endpoint to encrypt data on other systems. The technique is not new — CryptoLocker ransomware has used remote encryption for more than a decade. Other ransomware families that support remote encryption include BlackCat/ALPHV, LockBit and Royal. The encryption process is performed on the endpoint device, outside the scope of firewalls, intrusion detection systems and extended detection and response (XDR) tools.

What Are Unmanaged Endpoints?

Unmanaged endpoints do not have installed security controls and are not actively managed by the IT department. They may even be unknown or unaccounted for in the company’s IT asset inventory. Employee-owned smartphones and tablets, including both BYOD and personal devices, are the primary category. Unmanaged endpoints also include networked printers and Internet of Things (IoT) devices such as security cameras and building control systems.

How to Protect Against Remote Encryption Attacks

Unmanaged endpoints represent just 11 percent of the typical IT environment, but it only takes one vulnerable device to compromise the entire network. Organizations need a multipronged approach to protect against the rising threat of remote encryption attacks.

Detect and Secure Unmanaged Devices. IT asset management solutions include discovery tools that can locate devices connecting to the network. Once the devices are identified, they can be protected with enterprise-grade security software. Enterprise mobility management (EMM) solutions include robust anti-malware and data protection and provide greater visibility into endpoint devices.

Segment the Network. Many IoT devices lack the memory and processing power for security software. Often, the best approach is to segment the network to isolate IoT devices and insecure legacy systems.

Implement Network Access Control. Network access control (NAC) solutions enforce company security policies across every user and device. Asset visibility and real-time monitoring enable NAC to verify the security posture, authorization and access levels for every device, and deny access to those that lack appropriate controls.

Monitor Network Traffic. There are several tools that can help organizations detect and block suspicious traffic. Next-generation firewalls (NGFWs) can decrypt and inspect traffic to identify data exfiltration. XDR solutions also monitor network traffic and can detect increased file activity. User and entity behavior analytics (UEBA) tools can detect and block unauthorized or unusual access to sensitive data.
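The "increased file activity" signal can be checked on the file server itself, since the encrypting process runs on a device the server cannot see into. The following is an added example, not code from this article or from any vendor product: it flags any source address that writes to many distinct shared files within a short window and notes whether that source is in the asset inventory. The event format, addresses, inventory set, window and threshold are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption: source IPs of devices present in the IT asset inventory.
MANAGED = {"10.0.1.20"}

def sample_events():
    """Constructed file-share audit records: (time, source IP, file, operation)."""
    t0 = datetime(2024, 1, 10, 9, 0, 0)
    events = []
    # Managed workstation: a handful of reads and writes spread over minutes.
    for i in range(5):
        ts = t0 + timedelta(minutes=2 * i)
        events.append((ts, "10.0.1.20", f"finance/report{i}.xlsx", "read"))
        events.append((ts, "10.0.1.20", f"finance/report{i}.xlsx", "write"))
    # Unmanaged device: rewrites 40 distinct files, one per second.
    for i in range(40):
        ts = t0 + timedelta(minutes=3, seconds=i)
        events.append((ts, "10.0.9.77", f"finance/doc{i}.docx", "write"))
    return sorted(events)

def detect_bulk_writers(events, managed, window=timedelta(seconds=60), threshold=30):
    """Alert once per source that modifies >= threshold distinct files in window."""
    recent = defaultdict(deque)   # source IP -> (time, file) pairs inside the window
    alerts = {}
    for ts, src, path, op in events:
        if op not in ("write", "rename"):
            continue              # reads alone do not indicate encryption
        q = recent[src]
        q.append((ts, path))
        while q and ts - q[0][0] > window:
            q.popleft()           # drop activity older than the window
        distinct = len({p for _, p in q})
        if distinct >= threshold and src not in alerts:
            alerts[src] = {
                "first_alert": ts,
                "files_in_window": distinct,
                "managed": src in managed,  # False: device is not in the inventory
            }
    return alerts

if __name__ == "__main__":
    for src, info in detect_bulk_writers(sample_events(), MANAGED).items():
        print(src, info)
```

An alert with `managed` set to false is the case this article describes: the server sees the burst of writes, but no endpoint agent exists on the source to stop it, so the response has to be cutting that device's network or share access.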

How Verteks Can Help

The Verteks cybersecurity team can assess your environment to identify gaps and vulnerabilities such as unmanaged devices. We can then develop a layered security strategy that uses multiple tools to identify and defend against attacks. We also provide security awareness training to help users understand the importance of securing their personal devices. Our 24x7 monitoring and management enables rapid detection and response to minimize the impact of a successful attack.

Conclusion

According to Sophos, remote encryption attacks have increased 62 percent year over year since 2022. Organizations should work quickly to identify unmanaged devices and secure them against ransomware attacks.

