'The detection surface is significantly reduced': Sophos report warns new "WantToCry" ransomware could pose a major risk to your business, here's what we know

  • Sophos identified a new ransomware variant called WantToCry that encrypts files remotely after exfiltration, reducing detection opportunities
  • The attackers exploit exposed SMB services with weak credentials, then overwrite victim files with encrypted versions
  • Ransom demands are unusually low, between $600 and $1,800, reflecting limited scope and lack of broad network impact

Security researchers at Sophos have observed a new ransomware variant called WantToCry which, thanks to its encryption mechanism, is a lot more difficult to spot than traditional encryptors.

In an in-depth analysis, Sophos said the attackers would first use scanners such as Shodan or Censys to look for internet-connected devices using the Server Message Block (SMB) service.

SMB is a network file-sharing protocol that lets computers access files and other resources over a local network as if they were on their own system. It is widely used in Microsoft Windows environments to enable shared drives and network authentication, and allows...

Copyright of this story solely belongs to techradar.com.