Mark Loman (@markloman)'s Twitter Profile
Mark Loman

@markloman

Computer Doctor | We stop ransomware, exploits, hacker techniques on-device (low carbon footprint) | Sophos HitmanPro & Intercept X dev | Tweets are my own

ID:172496386

Link: https://www.hitmanpro.com | Joined: 29-07-2010 21:22:46

3,0K Tweets

4,4K Followers

968 Following

Erik Loman (@erikloman):

When a state-sponsored hacker needs a rootkit specifically to disable your software, you are clearly doing something right. Raising the bar with technology developed in Twente!
decoded.avast.io/janvojtesek/la…

Sophos X-Ops (@SophosXOps):

We’ve also seen other ScreenConnect abuse in our telemetry, some delivering AsyncRAT (via WSF script execution); infostealers; and SimpleHelp Remote Access Client

Sophos X-Ops (@SophosXOps):

While the world digests what, precisely, the LockBit takedown this week entails and how much it’s likely to kneecap the ransomware gang, we’d just like to point out how prevalent the family is – literally, what Conti was to 2021, LockBit was to 2023. 1/11

Sophos X-Ops (@SophosXOps):

There have been several shifts in ransomware tactics over the past few years: new RaaS models, new languages and TTPs, and attacking after hours and at weekends. But maybe one of the most substantial is remote ransomware.

Mark Loman (@markloman):

CryptoGuard: An asymmetric approach to the ransomware battle. In the second of our new technical thought leadership series, Sophos X-Ops takes a detailed look at anti-ransomware techniques: news.sophos.com/en-us/2023/12/…

Sophos X-Ops (@SophosXOps):

From @SysAid’s write up about active attacks attributed to Cl0p.
'- Checks all running processes for any process beginning with the name “Sophos” [and only Sophos] and if found, exits.
- If no matching processes are found, starts the user.exe malware.'
sysaid.com/blog/service-d…

Erik Loman (@erikloman):

It was exactly 10 years ago when my team released the first version of CryptoGuard – a universal and generic solution against ransomware. Today it protects more than 20 million computers and servers against malicious and spontaneous encryption of data.
youtube.com/watch?v=5M8YYn…

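The tweets above on remote ransomware and on CryptoGuard's "universal and generic" approach both point at the same idea: judge a write by what it does to the file's content, not by which process (or which remote host) performed it. As an added illustration, not Sophos code and not how CryptoGuard is actually implemented, the Python below tracks, per writer, how many low-entropy documents were turned into high-entropy data and alerts once a threshold is crossed. The writer label can be a local process name or a remote SMB client address, which is what lets a content-based check on a file server catch encryption driven from an unprotected machine. The documents, the writer names, the thresholds and the toy SHA-256 keystream cipher standing in for ransomware output are all constructed for this example.

```python
import hashlib
import math
from collections import defaultdict


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of `data`: roughly 4 for English text, close to 8 for ciphertext or compressed data."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


class EncryptionMonitor:
    """Content-based heuristic (illustrative only, not CryptoGuard's real logic).

    A write is suspicious when the file becomes high-entropy AND its entropy
    jumped sharply. The jump test keeps already-compressed files (zip, jpeg)
    from being flagged when a legitimate tool re-saves them. The writer may be
    a local process or a remote SMB client, so the check also applies to
    "remote ransomware" encrypting shares from a host without an agent.
    """

    def __init__(self, high_entropy=7.5, min_jump=2.0, max_files=5):
        self.high_entropy = high_entropy   # assumed threshold, bits per byte
        self.min_jump = min_jump           # assumed minimum before->after increase
        self.max_files = max_files         # assumed number of files before alerting
        self.hits = defaultdict(set)

    def on_write(self, writer: str, path: str, before: bytes, after: bytes) -> bool:
        """Record one file write; return True once `writer` has crossed the alert threshold."""
        e0, e1 = shannon_entropy(before), shannon_entropy(after)
        if e1 >= self.high_entropy and (e1 - e0) >= self.min_jump:
            self.hits[writer].add(path)
        return len(self.hits[writer]) >= self.max_files


def toy_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """SHA-256 counter-mode keystream XOR: stands in for ransomware output, NOT a real cipher."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(plaintext):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(p ^ k for p, k in zip(plaintext, stream))


def make_documents(count=8, size=4096) -> dict:
    """Constructed low-entropy 'office documents' on a hypothetical file share."""
    text = b"Quarterly report: revenue, costs, forecast and notes for the board. "
    body = (text * (size // len(text) + 1))[:size]
    return {r"\\fileserver\finance\report%d.docx" % i: body for i in range(count)}


def simulate():
    """Return (index of the file at which the remote writer alerted, whether a benign re-save alerted)."""
    monitor = EncryptionMonitor()
    docs = make_documents()
    remote_writer = "10.0.0.77 (SMB client, no agent)"   # constructed unprotected host
    alerted_at = None
    for index, (path, content) in enumerate(docs.items(), start=1):
        encrypted = toy_encrypt(content, b"attacker-key")
        if monitor.on_write(remote_writer, path, content, encrypted) and alerted_at is None:
            alerted_at = index
    # Benign control: a backup tool rewriting an already incompressible archive.
    archive_v1 = toy_encrypt(b"\x00" * 4096, b"archive-bytes-v1")   # stands in for zip contents
    archive_v2 = toy_encrypt(b"\x00" * 4096, b"archive-bytes-v2")
    benign_alert = monitor.on_write("backup.exe", r"C:\backups\2023.zip", archive_v1, archive_v2)
    return alerted_at, benign_alert


if __name__ == "__main__":
    print(simulate())   # (5, False)
```

The before/after jump is the part that matters in practice: an absolute entropy threshold alone would fire on every archive, image or already-encrypted file a legitimate program touches, while the remote writer here is caught on the fifth document even though no process on the file server ever looked suspicious.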
Sophos X-Ops (@SophosXOps):

During a recent investigation, Sophos X-Ops discovered a trojanized Windows installer for CloudChat, an instant messaging application. Looking into this supply chain attack further, we found that the official distribution server for the application had been compromised.

Sophos X-Ops (@SophosXOps):

Sophos X-Ops recently observed unsuccessful attempted ransomware activity against customers. The attempt utilized CVE-2023-40044, in WS_FTP Server from Progress Software.

PeterM🌻 (@AltShiftPrtScn):

If you are using Cisco AnyConnect VPN, please enforce MFA; the / ransomware lot are heavily targeting them at the moment for initial access.

Sander Schimmelpenninck (@SanderSchimmelp):

This is really encouraging: people with sense giving half-baked influencers, in this case Fascistjeboyjay, a rebuttal in their own way.

Sophos X-Ops (@SophosXOps):

Today, after a monthslong collaboration with Microsoft, they've invalidated this much larger collection of malicious drivers we reported to them as part of the Patch Tuesday release. In total, X-Ops discovered 133 malicious drivers, 100 of which were signed by Microsoft's WHCP.

Mark Loman (@markloman):

Think you know ransomware? A gripping documentary that delves into the alarming realities of ransomware, revealing the far-reaching consequences that affect both business owners and society at large. Our first episode 'Origins of Cybercrime' is out now! sophos.com/en-us/content/…

Naked Security (@NakedSecurity):

“We encrypted your login data. But not with your passphrase. We used one of ours, so we can still read it. Is that a big deal?”

Also, great advice on those PaperCut attacks…

nakedsecurity.sophos.com/s3-ep132

Mark Loman (@markloman):

Everything Everywhere All At Once: The 2023 Active Adversary Report for Business Leaders; A deep dive into over 150 incident-response cases reveals both attackers and defenders picking up the pace: news.sophos.com/en-us/2023/04/…

Sophos X-Ops (@SophosXOps):

After responding to a ransomware attack, Sophos X-Ops uncovered a new, custom-designed called that’s designed to terminate the agent and endpoint security software the target had installed.

PeterM🌻 (@AltShiftPrtScn):

#Akira ransomware seems to be new, multiple victims in the last week. Attacks fairly simple, including Process Hacker, PC Hunter, Lsass dumps, enabling remote registry. Ransomware exe dropped into multiple locations. Leak site is a bit different, commands instead of links.
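The Akira post above lists observable steps that show up in process-creation telemetry: dual-use kernel tools (Process Hacker, PC Hunter), LSASS dumps, Remote Registry being enabled, and the same ransomware executable dropped in several locations. As an added example, not the poster's material and not Sophos detection logic, the Python below runs simple rules over constructed Sysmon-style process-creation records and flags a host once several of those behaviours co-occur, rather than alerting on any single one (Process Hacker alone is common in admin hands). The hostnames, users, hashes and paths are invented, and the specific LSASS-dump (comsvcs.dll MiniDump) and Remote Registry (sc.exe / reg.exe) command lines are assumptions: the tweet does not say which commands were used.

```python
import ntpath
import re
from collections import defaultdict

# Constructed Sysmon-style process-creation records (EventID 1 fields, flattened).
# Hostnames, users, hashes and command lines are invented for illustration.
EVENTS = [
    {"host": "WS01", "user": r"CORP\jdoe", "image": r"C:\Users\jdoe\Downloads\ProcessHacker.exe",
     "cmdline": "ProcessHacker.exe", "sha256": "aaa1"},
    {"host": "WS01", "user": r"CORP\jdoe", "image": r"C:\Temp\PCHunter64.exe",
     "cmdline": "PCHunter64.exe", "sha256": "aaa2"},
    {"host": "WS01", "user": r"CORP\jdoe", "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Windows\System32\comsvcs.dll, MiniDump 624 C:\Temp\lsass.dmp full",
     "sha256": "aaa3"},
    {"host": "WS01", "user": r"CORP\jdoe", "image": r"C:\Windows\System32\sc.exe",
     "cmdline": "sc config RemoteRegistry start= auto", "sha256": "aaa4"},
    {"host": "WS01", "user": r"CORP\jdoe", "image": r"C:\Windows\System32\sc.exe",
     "cmdline": "sc start RemoteRegistry", "sha256": "aaa4"},
    # One ransomware binary (same hash) launched from three different directories.
    {"host": "WS01", "user": r"CORP\jdoe", "image": r"C:\Users\Public\w.exe", "cmdline": "w.exe", "sha256": "bad0"},
    {"host": "WS01", "user": r"CORP\jdoe", "image": r"C:\ProgramData\w.exe", "cmdline": "w.exe", "sha256": "bad0"},
    {"host": "WS01", "user": r"CORP\jdoe", "image": r"C:\Temp\w.exe", "cmdline": "w.exe", "sha256": "bad0"},
    # Benign noise on another host: an admin querying a service.
    {"host": "WS02", "user": r"CORP\admin", "image": r"C:\Windows\System32\sc.exe",
     "cmdline": "sc query spooler", "sha256": "aaa4"},
]

DUAL_USE_TOOLS = {"processhacker.exe", "pchunter64.exe", "pchunter32.exe"}
# Common LSASS memory-dump command lines (comsvcs.dll MiniDump, procdump) and the usual output name.
LSASS_DUMP = re.compile(r"comsvcs\.dll.*minidump|procdump.*lsass|lsass\.dmp", re.I)
# Remote Registry enabled via sc.exe, or its Start value set to 2 (automatic) via reg.exe.
REMOTE_REGISTRY = re.compile(
    r"sc(\.exe)?\s+(config|start)\s+remoteregistry|services\\remoteregistry.*\s/d\s+2\b", re.I)


def classify(event: dict) -> set:
    """Return the rule names a single process-creation record matches."""
    hits = set()
    image_name = ntpath.basename(event["image"]).lower()
    cmdline = event.get("cmdline", "")
    if image_name in DUAL_USE_TOOLS:
        hits.add("dual_use_kernel_tool")
    if LSASS_DUMP.search(cmdline):
        hits.add("lsass_dump")
    if REMOTE_REGISTRY.search(cmdline):
        hits.add("remote_registry_enabled")
    return hits


def hunt(events: list, min_dirs: int = 3, min_categories: int = 3) -> dict:
    """Per host, collect matched rules and return hosts with at least `min_categories` distinct behaviours.

    A host is also credited with "same_binary_multiple_locations" when one
    executable hash ran from `min_dirs` or more distinct directories, the
    "dropped into multiple locations" pattern from the post.
    """
    rules_by_host = defaultdict(set)
    dirs_by_host_hash = defaultdict(lambda: defaultdict(set))
    for ev in events:
        rules_by_host[ev["host"]] |= classify(ev)
        dirs_by_host_hash[ev["host"]][ev["sha256"]].add(ntpath.dirname(ev["image"]).lower())
    for host, by_hash in dirs_by_host_hash.items():
        if any(len(dirs) >= min_dirs for dirs in by_hash.values()):
            rules_by_host[host].add("same_binary_multiple_locations")
    return {host: rules for host, rules in rules_by_host.items() if len(rules) >= min_categories}


if __name__ == "__main__":
    for host, rules in hunt(EVENTS).items():
        print(host, sorted(rules))
```

Requiring several categories on one host is the trade-off worth copying: each rule on its own is noisy (admins run Process Hacker, backup agents touch LSASS, Remote Registry gets enabled for inventory tools), but the combination within a short window is a strong hands-on-keyboard signal. A real deployment would add a time window and use Sysmon EventID 10 (process access to lsass.exe) rather than relying on command lines alone.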
Sophos X-Ops (@SophosXOps):

We have made another update to our blog on the 3CX situation: news.sophos.com/en-us/2023/03/…

Adding:
- new analysis of an emergent line of inquiry concerning a timestamp mechanism in the malicious code
- information on analysis of other Electron-built apps using ffmpeg.dll
1/7
