Click here to download all references as Bib-File.

Enter keywords to filter the library entries below or Propose new Entry
2022-06-16SophosLabs UncutAndrew Brandt
Confluence exploits used to drop ransomware on vulnerable servers
Cerber
2022-02-23SophosLabs UncutAndrew Brandt
Dridex bots deliver Entropy ransomware in recent attacks
Cobalt Strike Dridex Entropy
2021-11-18SophosLabs UncutSean Gallagher
New ransomware actor uses password protected archives to bypass encryption protection
2021-11-11SophosLabs UncutAndrew Brandt
BazarLoader ‘call me back’ attack abuses Windows 10 Apps mechanism
BazarBackdoor
2021-07-09Twitter (@SophosLabs)SophosLabs
Tweet on speed at which Kaseya REvil attack was conducted
REvil
2021-07-05Twitter (@SophosLabs)SophosLabs
Tweet with a REvil ransomware execution demo
REvil
2021-06-11SophosLabs UncutAnand Ajjan, Andrew Brandt, Hajnalka Kope, Mark Loman, Peter Mackenzie
Relentless REvil, revealed: RaaS as variable as the criminals who use it
REvil
2021-05-28SophosLabs UncutAndrew Brandt
A new ransomware enters the fray: Epsilon Red
Epsilon Red
2021-05-07SophosLabs UncutRajesh Nataraj
New Lemon Duck variants exploiting Microsoft Exchange Server
CHINACHOPPER Cobalt Strike Lemon Duck
2021-05-05SophosLabs UncutAndrew Brandt, Gabor Szappanos, Peter Mackenzie, Vikas Singh
Intervention halts a ProxyLogon-enabled attack
Cobalt Strike
2021-04-21SophosLabs UncutAnand Aijan, Andrew Brandt, Markel Picado, Michael Wood, Sean Gallagher, Sivagnanam Gn, Suriya Natarajan
Nearly half of malware now use TLS to conceal communications
Agent Tesla Cobalt Strike Dridex SystemBC
2021-04-15SophosLabs UncutAndrew Brandt
BazarLoader deploys a pair of novel spam vectors
BazarBackdoor
2021-04-13SophosLabs UncutAndrew Brandt
Compromised Exchange server hosting cryptojacker targeting other Exchange servers
2021-03-24SophosLabs UncutMark Loman
Black Kingdom ransomware begins appearing on Exchange servers
2021-02-16SophosLabs UncutPeter Mackenzie, Tilly Travers
What to expect when you’ve been hit with Conti ransomware
Conti
2021-02-16SophosLabs UncutAnand Ajjan, Andrew Brandt
Conti ransomware: Evasive by nature
Conti
2021-02-16SophosLabs UncutMichael Heller
A Conti ransomware attack day-by-day
Conti
2021-01-26SophosLabs UncutBill Kearney, David Anderson, Michael Heller, Peter Mackenzie, Sergio Bestulic
Nefilim Ransomware Attack Uses “Ghost” Credentials
Nefilim
2020-12-21SophosLabs UncutSophosLabs Threat Research
How SunBurst malware does defense evasion
SUNBURST UNC2452
2020-12-16SophosLabs UncutSean Gallagher, Sivagnanam Gn
Ransomware operators use SystemBC RAT as off-the-shelf Tor backdoor
SystemBC