Important: New research on potential ransomware attack method

ProductsIntercept XIntercept X for ServerThreats & Malware

Researchers have discovered a potential new type of ransomware, we are releasing product updates to ensure customers are protected. Read this article for information you can use with your customers.

Jan 21 2020 By

What is the new type of ransomware?
External researchers at Safebreach Labs have shared their research about a potential new type of ransomware that can leverage the Windows Encrypting File System (EFS) to encrypt files and carry out a ransomware attack. This type of attack has not yet been seen in the wild and takes advantage of a Windows system vulnerability. It is currently unknown if Microsoft will release a patch to address it.

Are customers protected?
As this new attack is a form of ransomware, products that include CryptoGuard functionality are affected. Here are the details for each product:

Intercept X/Intercept X Advanced/Intercept X Advanced with EDR
Mitigation has been added.

Intercept X Advanced for Server/Intercept X Advanced for Server with EDR
Mitigation has been added to the Intercept X for Server EAP. Customers already enrolled in or who join the EAP will receive this mitigation. Planned general availability release for all customers is 5 February 2020.

Endpoint Exploit Prevention
Planned general availability of the mitigation is the second half of February 2020. An email is being sent to Endpoint Exploit Prevention customers to inform them.

Is there a KBA I can share with customers?
Yes, KBA135056.

About the Author

Sophos is a global leader and innovator of advanced security solutions for defeating cyberattacks, including Managed Detection and Response (MDR) and incident response services and a broad portfolio of endpoint, network, email, and cloud security technologies. As one of the largest pure-play cybersecurity providers, Sophos defends more than 600,000 organizations and more than 100 million users worldwide from active adversaries, ransomware, phishing, malware, and more. Sophos’ services and products connect through the Sophos Central management console and are powered by Sophos X-Ops, the company’s cross-domain threat intelligence unit. Sophos X-Ops intelligence optimizes the entire Sophos Adaptive Cybersecurity Ecosystem, which includes a centralized data lake that leverages a rich set of open APIs available to customers, partners, developers, and other cybersecurity and information technology vendors. Sophos provides cybersecurity-as-a-service to organizations needing fully managed security solutions. Customers can also manage their cybersecurity directly with Sophos’ security operations platform or use a hybrid approach by supplementing their in-house teams with Sophos’ services, including threat hunting and remediation. Sophos sells through reseller partners and managed service providers (MSPs) worldwide. Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com.