'The detection surface is significantly reduced': Sophos report warns new "WantToCry" ransomware could pose a major risk to your business, here's what we know
Date:
Wed, 20 May 2026 12:52:02 +0000
Description:
WantToCry operators are asking for change, compared to other ransomware players.
FULL STORY ======================================================================
- Sophos identified a new ransomware variant called WantToCry that encrypts files remotely after exfiltration, reducing detection opportunities
- The attackers exploit exposed SMB services with weak credentials, then overwrite victim files with encrypted versions
- Ransom demands are unusually low, between $600 and $1,800, reflecting limited scope and lack of broad network impact
Security researchers at Sophos observed a new ransomware variant called WantToCry which, thanks to its encryption mechanism, is a lot more difficult to spot than traditional encryptors.
In an in-depth analysis, Sophos said the attackers would first use scanners such as Shodan or Censys to look for internet-connected devices using the Server Message Block (SMB) service. SMB is a network file-sharing protocol that lets computers access files and other resources over a local network as if they were on their own system. It is widely used in Microsoft Windows environments to enable shared drives and network authentication, and allows applications to manipulate files on remote servers.
Asking for hundreds instead of millions
After finding SMB services with open TCP ports 139 and 445, they would try default, frequently used, and otherwise weak credentials until one worked and granted access.
However, once inside, WantToCry doesn't do what encryptors usually do and lock down files locally. Instead, the operators first exfiltrate the files and encrypt them on a remote server. After that, they write the encrypted files back to the victim devices, overwriting the originals and rendering them useless without the decryption key.
This process makes the defenders' work that much harder:
"The detection surface is significantly reduced because WantToCry operates without local malware execution, and there is no post-compromise activity beyond exfiltrating files and rewriting them to disk," Sophos explained.
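One way to look for the read-then-overwrite pattern described above, as an added example that is not from the article or from Sophos: the Python below scans SMB file-access audit records for an external client that reads files and later writes the same paths. The record fields (ts, ip, file, access), the internal address ranges and the threshold are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: these ranges are internal; any other source is an internet client.
INTERNAL = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_external(ip):
    addr = ip_address(ip)
    return not any(addr in net for net in INTERNAL)

def read_then_overwrite(events, min_files=3):
    """Return {source_ip: sorted paths} for external SMB clients that read a
    file and later wrote the same path, on at least min_files distinct files."""
    read_seen = defaultdict(set)   # ip -> paths read so far
    rewritten = defaultdict(set)   # ip -> paths written after being read
    for ev in sorted(events, key=lambda e: e["ts"]):
        ip, path = ev["ip"], ev["file"].lower()
        if not is_external(ip):
            continue               # internal edits and backups are out of scope here
        if ev["access"] == "read":
            read_seen[ip].add(path)
        elif ev["access"] == "write" and path in read_seen[ip]:
            rewritten[ip].add(path)
    return {ip: sorted(p) for ip, p in rewritten.items() if len(p) >= min_files}

# Constructed sample records (hypothetical field names, simplified from
# file-share access auditing; ts is seconds since the start of the capture).
SAMPLE = [
    {"ts": 1, "ip": "203.0.113.7", "file": r"docs\q1.xlsx", "access": "read"},
    {"ts": 2, "ip": "203.0.113.7", "file": r"docs\budget.docx", "access": "read"},
    {"ts": 3, "ip": "203.0.113.7", "file": r"hr\staff.pdf", "access": "read"},
    {"ts": 4, "ip": "10.0.0.5", "file": r"docs\q1.xlsx", "access": "read"},
    {"ts": 5, "ip": "10.0.0.5", "file": r"docs\q1.xlsx", "access": "write"},
    {"ts": 6, "ip": "198.51.100.9", "file": r"docs\q1.xlsx", "access": "read"},
    {"ts": 7, "ip": "203.0.113.7", "file": r"docs\q1.xlsx", "access": "write"},
    {"ts": 8, "ip": "203.0.113.7", "file": r"docs\budget.docx", "access": "write"},
    {"ts": 9, "ip": "203.0.113.7", "file": r"hr\staff.pdf", "access": "write"},
    {"ts": 10, "ip": "203.0.113.7", "file": r"new.txt", "access": "write"},  # never read
]

if __name__ == "__main__":
    for ip, paths in read_then_overwrite(SAMPLE).items():
        print(f"{ip}: {len(paths)} files read and then overwritten: {paths}")
```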
Another aspect in which WantToCry stands out is the ransom demand. Usually, cybercriminals would demand tens of thousands of dollars for the decryption key, going into millions for enterprise victims. Here, however, they would
ask between $600 and $1,800.
"These amounts are low compared to traditional ransom demands and likely reflect the limited scope of the ransomware deployment," Sophos added. There is no post-intrusion activity in WantToCry attacks; that is, there is no positioning of the ransomware for maximum impact across a compromised environment. Therefore, it is likely that in many cases the encryption occurs only on files stored on the host that exposed SMB services to the internet.
Sophos also said that the WantToCry operators don't have a website and are not currently listing their victims.
======================================================================
Link to news story:
https://www.techradar.com/pro/security/the-detection-surface-is-significantly-reduced-sophos-report-warns-new-wanttocry-ransomware-could-pose-a-major-risk-to-your-business-heres-what-we-know
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)