{"id":282,"date":"2020-01-21T12:21:38","date_gmt":"2020-01-21T12:21:38","guid":{"rendered":"https:\/\/partnernews.sophos.com\/en-us\/?p=282"},"modified":"2020-01-30T06:37:14","modified_gmt":"2020-01-30T06:37:14","slug":"important-new-research-on-potential-ransomware-attack-method","status":"publish","type":"post","link":"https:\/\/partnernews.sophos.com\/en-us\/2020\/01\/products\/important-new-research-on-potential-ransomware-attack-method\/","title":{"rendered":"Important: New research on potential ransomware attack method"},"content":{"rendered":"<p><strong>What is the new type of ransomware?<\/strong><br \/>\nExternal researchers at\u202fSafebreach\u202fLabs have shared\u202ftheir research about a potential new type of ransomware\u202fthat can\u202fleverage\u202fthe Windows Encrypting File System (EFS)\u202fto\u202fencrypt files\u202fand\u202fcarry out a ransomware attack. This type of attack has not yet been seen in the wild and takes advantage of a Windows system vulnerability. It is currently unknown if Microsoft will release a patch to address it.<\/p>\n<p><strong>Are customers protected?<\/strong><br \/>\nAs this new attack is a form of ransomware, products that include CryptoGuard functionality are affected. Here are the details for each product:<\/p>\n<p><strong>Intercept X\/Intercept X Advanced\/Intercept X Advanced with EDR<\/strong><br \/>\nMitigation has been added.<\/p>\n<p><strong>Intercept X Advanced for Server\/Intercept X Advanced for Server with EDR<\/strong><br \/>\nMitigation has been added to the <a href=\"https:\/\/community.sophos.com\/products\/intercept\/early-access-program\/b\/blog\/posts\/enhanced-protection-eap-going-to-server\">Intercept X for Server EAP<\/a>. Customers already enrolled in or who join the EAP will receive this mitigation. Planned general availability release for all customers is 5 February 2020.<\/p>\n<p><strong>Endpoint Exploit Prevention<\/strong><br \/>\nPlanned general availability of the mitigation is the second half of February 2020. An email is being sent to Endpoint Exploit Prevention customers to inform them.<\/p>\n<p><strong>Is there a KBA I can share with customers?<\/strong><br \/>\nYes, <a href=\"https:\/\/community.sophos.com\/kb\/en-us\/135056\">KBA135056<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Researchers have discovered a potential new type of ransomware, we are releasing product updates to ensure customers are protected. Read this article for information you can use with your customers.<\/p>\n","protected":false},"author":11,"featured_media":352,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2],"tags":[30,35,21],"coauthors":[],"class_list":["post-282","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-products","tag-intercept-x","tag-intercept-x-for-server","tag-threats-malware"],"jetpack_featured_media_url":"https:\/\/partnernews.sophos.com\/en-us\/wp-content\/uploads\/sites\/3\/2019\/11\/featured-image-cyberthreat-shield.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/posts\/282","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/comments?post=282"}],"version-history":[{"count":1,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/posts\/282\/revisions"}],"predecessor-version":[{"id":283,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/posts\/282\/revisions\/283"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/media\/352"}],"wp:attachment":[{"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/media?parent=282"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/categories?post=282"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/tags?post=282"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/partnernews.sophos.com\/en-us\/wp-json\/wp\/v2\/coauthors?post=282"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}