Ransomware affects an accelerating number of victims with every passing year, but it has an Achilles’ heel: encryption is a time-consuming process, limited by the processing power of its host machine’s CPU. It takes time for suitably strong encryption algorithms to securely encrypt the data on whole hard drives. In the case of ransomware, the application is at least as concerned with optimising its attack and evading detection by modern security tools as it is with encrypting.
With evasion a priority, many ransomware-deploying attackers seem to have developed a keen understanding of how network and endpoint security products detect or block malicious activity. Ransomware attacks almost always begin with an attempt to thwart security controls, though with varying levels of success.
Find out more in Sophos’ Threat Report 2020