Sophos’ new service can actively neutralise cyber attacks

Sophos Rapid Response identifies first use of Buer malware dropper to deliver ransomware in new wave of Ryuk attacks that hit healthcare facilities

Sophos has launched a new tool that has the ability to identify and neutralise active cybersecurity attacks.

Sophos Rapid Response is a fixed-fee remote incident response service that identifies and neutralises active cybersecurity attacks throughout its entire 45-day term of engagement.

The solution has behind it a dedicated 24/7 team of incident responders, threat hunters and threat analysts to quickly stop advanced attacks and remove adversaries from their networks, minimising damage and costs, and reducing recovery time.

Sophos Rapid Response has reportedly identified the first known use of the Buer malware dropper to deliver ransomware.

Buer is said to compromise Windows PCs, and enables attackers to deliver a payload.

Sophos Rapid Response made the discovery while mitigating a recent Ryuk ransomware attack, which was detected and stopped as part of a wave of Ryuk attacks using new tools, techniques and procedures.

The most notable incident of the Ryuk attacks was experienced by an unnamed hospital.

Joe Levy, chief technology officer at Sophos, stressed that time is a critical factor when a threat hits its target, and “every minute between initial compromise and neutralisation counts as adversaries race through the attack lifecycle”.

There has been a surge in ransomware and cyberattacks in general this year. Nearly 85% of the attacks that Sophos Rapid Response has been involved in thus far included ransomware – notably Ryuk, REvil and Maze.