Click here to download all references as Bib-File.
2022-07-14 ⋅ Sophos ⋅ BlackCat ransomware attacks not merely a byproduct of bad luck BlackCat BlackCat |
2022-04-12 ⋅ Sophos ⋅ Attackers linger on government agency computers before deploying Lockbit ransomware LockBit |
2021-12-22 ⋅ Sophos ⋅ Avos Locker remotely accesses boxes, even running in Safe Mode AvosLocker |
2021-09-03 ⋅ Sophos ⋅ Conti affiliates use ProxyShell Exchange exploit in ransomware attacks Cobalt Strike Conti |
2021-08-05 ⋅ Twitter (@AltShiftPrtScn) ⋅ Tweet on Conti ransomware affiliates using AnyDesk, Atera, Splashtop, Remote Utilities and ScreenConnect to maintain network access Conti |
2021-08-05 ⋅ Twitter (@AltShiftPrtScn) ⋅ Tweet on Lorenz ransomware tricking user into allowing OAuth permissions to "Thunderbird with ExQuilla" for O365 Lorenz |
2021-07-21 ⋅ Twitter (@AltShiftPrtScn) ⋅ Tweet on Conti ransomware actor installing AnyDesk for remote access in victim environment Conti |
2021-06-12 ⋅ Twitter (@AltShiftPrtScn) ⋅ A thread on RagnarLocker ransomware group's TTP seen in an Incident Response Cobalt Strike RagnarLocker |
2021-06-11 ⋅ SophosLabs Uncut ⋅ Relentless REvil, revealed: RaaS as variable as the criminals who use it REvil |
2021-05-18 ⋅ Sophos ⋅ The Active Adversary Playbook 2021 Cobalt Strike MimiKatz |
2021-05-11 ⋅ Sophos ⋅ A defender’s view inside a DarkSide ransomware attack DarkSide |
2021-05-06 ⋅ Sophos Labs ⋅ MTR in Real Time: Pirates pave way for Ryuk ransomware Ryuk |
2021-05-05 ⋅ SophosLabs Uncut ⋅ Intervention halts a ProxyLogon-enabled attack Cobalt Strike |
2021-04-22 ⋅ Twitter (@AltShiftPrtScn) ⋅ Twwet On TTPs seen in IR used by DOPPEL SPIDER Cobalt Strike DoppelPaymer |
2021-02-16 ⋅ SophosLabs Uncut ⋅ What to expect when you’ve been hit with Conti ransomware Conti |
2021-01-26 ⋅ SophosLabs Uncut ⋅ Nefilim Ransomware Attack Uses “Ghost” Credentials Nefilim |
2021-01-17 ⋅ Twitter (@AltShiftPrtScn) ⋅ Tweet on Conti Ransomware group exploiting FortiGate VPNs to drop in CobaltStrike loaders Cobalt Strike Conti |
2020-12-08 ⋅ Sophos ⋅ Egregor ransomware: Maze’s heir apparent Egregor Maze |
2020-10-28 ⋅ SophosLabs Uncut ⋅ Hacks for sale: inside the Buer Loader malware-as-a-service Buer Ryuk Zloader |
2020-09-17 ⋅ SophosLabs Uncut ⋅ Maze attackers adopt Ragnar Locker virtual machine technique Maze |