Sophos, a cybersecurity specialist in the next generation, has announced the availability of Sophos Rapid Response, a fixed-fee remote incident response service that identifies and neutralises active cybersecurity attacks throughout its 45-day engagement term
Sophos Rapid Response provides organisations with a dedicated 24/7 team of incident responders, threat hunters and threat analysts to quickly stop advanced attacks and remove adversaries from their networks, minimise damage and costs, and reduce recovery time.
Sophos Rapid Response identified the first known use of the Buer malware dropper to deliver ransomware. In a new study published today by Sophos Rapid Response and SophosLabs, “Hacks for sale: Inside the Buer Loader Malware-as-a-Service,” Sophos details how Buer compromises Windows PCs and enables attackers to deliver payloads.
Sophos Rapid Response made the discovery while attenuating a recent Ryuk ransomware attack, which was detected and stopped as part of a wave of Ryuk attacks using new tools, techniques and procedures. In this incident, relentless attackers used a new variant of Buer to attempt to launch Ryuk ransomware before expanding their efforts to mix the use of Buer with other types of loader malware.
“When you’re hit with an attack, time is of the essence. Every minute between initial compromise and neutralisation counts as adversaries race through the attack lifecycle,” said Joe Levy, chief technology officer at Sophos. “Advanced attacks can quickly halt business operations, and IT managers who have experienced ransomware firsthand know this all too well, reporting the need to spend proportionately more time on incident response and less time on threat prevention than those who haven’t been hit. Sophos Rapid Response disrupts active attacks, eliminating the complex and time-consuming process of stopping determined attackers so that organisations can get back to their normal operations faster.”
Sophos Rapid Response neutralises a wide range of security incidents, including ransomware, network breaches, hands-on keyboard adversaries, and more. The Sophos Rapid Response team can be onboarded and activated within hours, and the majority of attacks triaged within 48 hours.