February 23, 2024

ConnectWise ScreenConnect attacks deliver malware

Multiple attacks exploit vulnerabilities in an IT remote access tool to deliver a variety of different payloads into business environments

Threat Research

February 21, 2024

LockBit: Lessons learned on winning the war on cybercrime

Making sense of the ransomware-group takedown -- what it means for ransomware and law enforcement

Threat Research

December 20, 2023

CryptoGuard: An asymmetric approach to the ransomware battle

In the second of our new technical thought leadership series, Sophos X-Ops takes a detailed look at anti-ransomware techniques

Threat Research

December 13, 2023

Press and pressure: Ransomware gangs and the media

Sophos X-Ops explores the symbiotic – but often uneasy – relationship between ransomware gangs and the media, and how threat actors are increasingly seeking to wrest control of the narrative

Threat Research

May 17, 2023

US offers $10m bounty for Russian ransomware suspect outed in indictment

"Up to $10 million for information that leads to the arrest and/or conviction of this defendant."

Naked Security

April 25, 2023

Everything Everywhere All At Once: The 2023 Active Adversary Report for Business Leaders

A deep dive into over 150 incident-response cases reveals both attackers and defenders picking up the pace

Threat Research

November 30, 2022

LockBit 3.0 ‘Black’ attacks and leaks reveal wormable capabilities and tooling

Reverse-engineering reveals close similarities to BlackMatter ransomware, with some improvements

Threat Research

August 10, 2022

Lockbit, Hive, and BlackCat attack automotive supplier in triple ransomware attack

After gaining access via RDP, all three threat actors encrypted files, in an investigation complicated by event log clearing and backups. 3 attackers, 2 weeks – 1 entry point.

Security Operations

August 09, 2022

Multiple attackers increase pressure on victims, complicate incident response

Sophos’ latest Active Adversary report explores the issue of organizations being hit multiple times by attackers

Security OperationsThreat Research