12 Oct 2021

VMware ESXi Servers Encrypted by Lightning-Fast Python Script

Researchers at Sophos have warned of a new Python ransomware gang that is targeting VMware ESXi servers and virtual machines at lightning speed. According to security researchers, the Python code strikes incredibly fast and takes less than three hours to complete a ransomware attack, from initial breach to encryption. On

31 Aug 2021

LockFile Ransomware Uses Never-Before Seen Encryption to Avoid Detection

In July, researchers at Sophos discovered a new emerging threat that exploits the ProxyShell vulnerabilities in Microsoft Exchange servers to attack systems. The ransomware is referred to as LockFile and uses a unique intermittent encryption method as a means of evading detection. The ransomware gang also adopts tactics

19 May 2021

RDP Hijacked for Lateral Movement in 69% of Attacks

According to a new report called the Active Adversary Playbook 2021, 90% of cyberattacks investigated by Sophos last year involved abuse of the Remote Desktop Protocol (RDP). Sophos states that 81% of these attacks featured ransomware. The new report details the experiences of frontline threat hunters and incident responders to

28 Apr 2020

Attackers exploit 0-day code-execution flaw in the Sophos firewall

Sophos systems have been hit by a zero-day attack that was designed to steal usernames, as well as cryptographically protected passwords, and other sensitive data. The security firm stated that it was attacked through an exploited SQL injection flaw in patched versions of the Sophos XG Firewall on Sunday. The
