Sophos, a global leader in next-generation cybersecurity, has announced the availability of Sophos Rapid Response, an industry-first, fixed-fee remote incident response service that identifies and neutralizes active cybersecurity attacks throughout its entire 45-day term of engagement. Sophos Rapid Response provides organizations with a dedicated 24/7 team of incident responders, threat hunters and threat analysts to quickly stop advanced attacks and remove adversaries from their networks, minimizing damage and costs and reducing recovery time.
Sophos Rapid Response has identified the first known use of the Buer malware dropper to deliver ransomware. In new research published today from Sophos Rapid Response and SophosLabs, ‘Hacks for Sale: Inside the Buer Loader Malware-as-a-Service’, Sophos details how Buer compromises Windows PCs and enables attackers to deliver a payload. Sophos Rapid Response made the discovery while mitigating a recent Ryuk ransomware attack, which was detected and stopped as part of a wave of Ryuk attacks using new tools, techniques and procedures. In this incident, the relentless attackers used a new variant of Buer in an attempt to launch Ryuk ransomware, before expanding their efforts to mix the use of Buer with other types of loader malware.
“When you’re hit with an attack, time is of the essence. Every minute between initial compromise and neutralization counts, as adversaries race through the attack lifecycle,” said Joe Levy, Chief Technology Officer at Sophos.
Click below to share this article