Cybersecurity firm Sophos impersonated by new SophosEncrypt ransomware

Gandalf_The_Grey

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,256
Content source
https://www.bleepingcomputer.com/news/security/cybersecurity-firm-sophos-impersonated-by-new-sophosencrypt-ransomware/
Cybersecurity vendor Sophos is being impersonated by a new ransomware-as-a-service called SophosEncrypt, with the threat actors using the company name for their operation.

Discovered yesterday by MalwareHunterTeam, the ransomware was initially thought to be part of a red team exercise by Sophos.

However, the Sophos X-Ops team tweeted that they did not create the encryptor and that they are investigating its launch.

"We found this on VT earlier and have been investigating. Our preliminary findings shows Sophos InterceptX protects against these ransomware samples," tweeted Sophos.

Furthermore, ID Ransomware shows one submission from infected victims, indicating that this Ransomware-as-a-Service operation is active.

While little is known about the RaaS operation and how it is being promoted, a sample of the encryptor was found by MalwareHunterTeam, allowing us to get a quick look at how it operates.
Click to expand...
www.bleepingcomputer.com

Cybersecurity firm Sophos impersonated by new SophosEncrypt ransomware

Cybersecurity vendor Sophos is being impersonated by a new ransomware-as-a-service called SophosEncrypt, with the threat actors using the company name for their operation.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • +Reputation
  • Like
Reactions: Kongo, Zero Knowledge, oldschool and 7 others
Kongo

Kongo

Level 36
Verified
Top Poster
Well-known
Feb 25, 2017
2,585
Attackers will sometimes use the name of security companies in their malware. While performing a regular search on VirusTotal looking for interesting malware and new ransomware variants using our threat hunting rules this week, a Sophos X-Ops analyst discovered a novel ransomware executable that appears to use “Sophos” in the UI of the panel alerting that files have been encrypted, (shown below) and as the extension (“.sophos”) for encrypted files.
The SophosLabs teams immediately investigated and began work on developing a targeted detection rule for Sophos endpoint security products, but a pre-existing behavioral rule (and Sophos CryptoGuard) blocked the ransomware from causing harm in tests. This targeted detection rule has been released as indicated in “Detections,” below.
Click to expand...

news.sophos.com

Sophos Discovers Ransomware Abusing “Sophos” Name

Attackers will sometimes use the name of security companies in their malware. While performing a regular search on VirusTotal looking for interesting malware and new ransomware variants using our t…
news.sophos.com news.sophos.com
 
  • Like
  • +Reputation
  • Wow
Reactions: silversurfer, Gandalf_The_Grey, Zero Knowledge and 5 others
You must log in or register to reply here.

Similar threads

[correlate]
    • Like
BlackCat ransomware hits Azure Storage with Sphynx encryptor
Replies
0
Views
1,428
News Archive
[correlate]
[correlate]
[correlate]
    • Like
    • +Reputation
Security News Ransomware gang deploys new malware to kill security software
Replies
0
Views
1,576
Security News
[correlate]
[correlate]
Gandalf_The_Grey
    • Like
    • +Reputation
HelloKitty ransomware source code leaked on hacking forum
Replies
1
Views
1,748
News Archive
cruelsister
cruelsister

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top