What to expect when you’ve been hit with Avaddon ransomware

Credit to Author: Tilly Travers | Date: Mon, 24 May 2021 11:52:50 +0000

Avaddon ransomware is a Ransomware-as-a-Service (RaaS) that combines encryption with data theft and extortion. Avaddon has been around since 2019 but has become more prominent and aggressive since June 2020. “Affiliates” or customers of the service have been observed deploying Avaddon to a wide range of targets in multiple countries, often through malicious spam and […]

MTR in Real Time: Pirates pave way for Ryuk ransomware

Credit to Author: Tilly Travers | Date: Thu, 06 May 2021 13:00:21 +0000

Sophos’ Rapid Response team was recently brought in to contain and neutralize an attack involving Ryuk ransomware. The target was a European biomolecular research institute involved in COVID-19 related research as well as other activities related to the life sciences. The institute has close partnerships with local universities and works with students on various programs. […]

Minimizing the risk of supply chain attacks – best practice guidelines

Credit to Author: Doug Aamoth | Date: Wed, 28 Apr 2021 10:00:29 +0000

The recent cyberattack on IT-monitoring company SolarWinds pushed supply chain weaknesses into the spotlight by highlighting just how unprepared many organizations are when it comes to defending against supply chain attacks. These attacks often succeed because organizations don’t know where to start or don’t believe themselves important or high-profile enough to be targeted. In our […]

Sophos MTR in Real Time: What is Astro Locker Team?

Credit to Author: Michael Heller | Date: Wed, 31 Mar 2021 21:08:13 +0000

A recent incident with a new Sophos Managed Threat Response (MTR) customer has raised questions about the Mount Locker ransomware group and the relationship it has with Astro Locker Team. A ransomware detection for Mount Locker kicked the MTR team into gear, and what they found was surprising. The first detection made it clear what […]

Installing MTR on the run to keep up with Netwalker

Credit to Author: Michael Heller | Date: Tue, 16 Mar 2021 13:00:47 +0000

A new customer of the Sophos Managed Threat Response (MTR) service delayed their deployment, so when they were unexpectedly hit by a Netwalker ransomware attack, they had to go into SOS mode. Even though Sophos MTR immediately stepped in to neutralize the incident, the investigation into the initial entry points of the attack was hindered […]

HAFNIUM: Advice about the new nation-state attack

Credit to Author: Seth Geftic | Date: Fri, 05 Mar 2021 23:37:38 +0000

On March 2nd, zero-day vulnerabilities affecting Microsoft Exchange were publicly disclosed. These vulnerabilities are being actively exploited in the wild by HAFNIUM, a threat actor believed to be a nation state. What is HAFNIUM? According to a CISA alert: Microsoft has released out-of-band security updates to address vulnerabilities affecting Microsoft Exchange Server 2013, 2016, and […]

Understanding XDR, the latest evolution in threat detection and response

Credit to Author: Maxim Weinstein | Date: Wed, 03 Mar 2021 15:07:49 +0000

A few weeks ago, we published a brief overview of XDR. To summarize, XDR—short for extended detection and response (or sometimes x-product detection and response)—can be defined as: An approach that unifies information from multiple security products to automate and accelerate threat detection, investigation, and response in ways that isolated point solutions cannot. With the […]