Sophos – Intercept X: the threat researcher’s view
Machine learning requires amazing people, so let’s meet one…
We’re really excited about the latest version of Intercept X, our industry-leading next-gen endpoint solution.
To learn more about why Intercept X is such a game-changer in stopping ransomware, and why it continues to be a pervasive challenge for IT security, we met with ransomware expert Dorka Palotay, a threat researcher with SophosLabs in Budapest.
Hi Dorka, tell us how you contributed to Intercept X…
I work in SophosLabs and my area of expertise is ransomware. In the last two years I have analysed all the main ransomware families and many of the smaller families as well. These analyses help us to understand the different behaviour and capabilities of ransomware, which makes successful defence possible.
Why is ransomware still a problem?
The return on investment of ransomware attacks is high; with a relatively small investment cost the attackers can gain big money. These attacks are constantly evolving and the number of different families is growing fast. With ransomware kits sold on the dark web, anyone can launch a ransomware campaign regardless of skill. Publicly available exploits can make these attacks even more dangerous, like in the case of WannaCry.
How is ransomware changing?
Ransomware attacks have become more frequent and more sophisticated in the last few years. Cybercriminals are finding new methods of spreading malware and evading detection. The tools for launching a successful ransomware campaign have evolved significantly and are easily accessible.
How will Intercept X change things?
Intercept X helps to protect against ransomware on many levels. Its exploit prevention capability can prevent attacks right at the beginning, before the file encryption even starts.
CryptoGuard recognizes the general ransomware behaviour instead of family-specific attributes, which means that it will detect previously unseen ransomware as well. WipeGuard is a powerful tool to secure against threats like Petya by protecting the disk and boot record.
Root Cause Analysis makes investigating security incidents easy, and if anything nasty does sneak its way on to the system, Sophos Clean removes all sign of it.
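The behaviour-based idea described above (flag what the process does to files, not which family it belongs to) is easiest to see in a small working monitor. The following is an added illustration written for this page; it is not CryptoGuard or any other Sophos code, and the event format, the entropy thresholds, the ransom extensions and the sample files are all constructed assumptions. It treats a process as ransomware-like once it has overwritten several existing, low-entropy files with ciphertext-like data or renamed them to a ransom extension, and it deliberately ignores newly created high-entropy files such as downloads or archives, which are normal.

```python
"""Behaviour-based ransomware detection, illustrated.

Added example, NOT Sophos CryptoGuard and not code from the interview: a toy
monitor that flags a process once it has overwritten several existing files
with ciphertext-like data, whichever malware family is responsible.
Event format, thresholds and sample files are all constructed here.
"""
import hashlib
import math
import os
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: ~4-5 for text, close to 8 for encrypted or compressed data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


@dataclass(frozen=True)
class WriteEvent:
    """One file modification as a hypothetical filesystem filter driver would report it."""
    pid: int
    path: str
    before: bytes                   # content before the write (b"" for a newly created file)
    after: bytes                    # content after the write
    new_path: Optional[str] = None  # set when the process also renamed the file


HIGH_ENTROPY = 7.0   # bits/byte typical of ciphertext (assumed threshold)
ENTROPY_JUMP = 2.0   # minimum rise before -> after; filters already-compressed files
RANSOM_EXTS = {".locked", ".crypt", ".enc"}  # assumed example extensions, not a real list
THRESHOLD = 3        # distinct files per process before we alert


def suspicious_write(ev: WriteEvent) -> bool:
    """True if an existing, readable file was replaced by ciphertext-like content or renamed.

    Newly created high-entropy files (downloads, archives) are normal and ignored:
    the ransomware signature is destroying existing low-entropy content.
    """
    if not ev.before:
        return False
    h_before, h_after = shannon_entropy(ev.before), shannon_entropy(ev.after)
    ciphertext_overwrite = h_after >= HIGH_ENTROPY and h_after - h_before >= ENTROPY_JUMP
    ransom_rename = ev.new_path is not None and os.path.splitext(ev.new_path)[1].lower() in RANSOM_EXTS
    return ciphertext_overwrite or ransom_rename


def detect(events: List[WriteEvent], threshold: int = THRESHOLD) -> Dict[int, List[str]]:
    """Map pid -> affected paths for every process that crossed the per-process threshold."""
    hits: Dict[int, List[str]] = defaultdict(list)
    for ev in events:
        if suspicious_write(ev) and ev.path not in hits[ev.pid]:
            hits[ev.pid].append(ev.path)
    return {pid: paths for pid, paths in hits.items() if len(paths) >= threshold}


# --- constructed sample data -------------------------------------------------
def pseudo_ciphertext(seed: int, n_blocks: int = 128) -> bytes:
    """Deterministic high-entropy bytes standing in for encrypted or compressed content."""
    return b"".join(hashlib.sha256(bytes([seed, i % 256])).digest() for i in range(n_blocks))


TEXT = b"Quarterly report: revenue grew 4% in Q2, costs were flat. " * 80

SAMPLE_EVENTS = [
    # pid 100: a text editor rewrites a document -> still text, not flagged
    WriteEvent(100, "/home/a/notes.txt", TEXT, TEXT + b"Action items: none.\n"),
    # pid 300: an archiver creates a new zip (before=b"") and later recompresses an
    # existing archive: high entropy both times, but no jump -> not flagged
    WriteEvent(300, "/home/a/backup.zip", b"", pseudo_ciphertext(1)),
    WriteEvent(300, "/home/a/old.zip", pseudo_ciphertext(2), pseudo_ciphertext(3)),
    # pid 200: something overwrites four documents with ciphertext and renames them
    *[
        WriteEvent(200, f"/home/a/doc{i}.docx", TEXT, pseudo_ciphertext(10 + i),
                   new_path=f"/home/a/doc{i}.docx.locked")
        for i in range(4)
    ],
]

if __name__ == "__main__":
    # {200: ['/home/a/doc0.docx', '/home/a/doc1.docx', '/home/a/doc2.docx', '/home/a/doc3.docx']}
    print(detect(SAMPLE_EVENTS))
```

Two design points carry over to real products: the entropy jump, not the absolute entropy, is what separates encryption from ordinary work on archives or images, and the per-process threshold is what makes the alert actionable, because a single odd write is noise while a burst across many files is the behaviour every family shares regardless of its packer or signature.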
And finally, describe Intercept X in one word?