Cybersecurity firm Sophos confirms ransomware impersonation

First made aware by malware hunters, Sophos has launched an investigation into the bad actors using the company name for their ransomware activities

Sophos, a leading IT security company that develops products for encryption, network security and threat management, was recently alerted to a ransomware impersonating the company.

First flagged by MalwareHunterTeam, the new ransomware-as-a-service includes “Sophos” in its user interface and in its alerts that files have been encrypted. The company has since issued a blog post stating that its team is currently investigating the situation.

The situation speaks to wider concerns of businesses being impersonated or hacked by cyber attackers more frequently. What is most concerning is how these ransomware groups are able to remain undetected for so long, allowing them to completely infiltrate company systems.

Cyber bad actors continue to exploit global businesses

This type of ransomware attack aims to impact the credibility of Sophos by creating ransom notes under the company name. Company analysis has confirmed that one of the samples has the capability to complete more actions than just encrypting files, which the company cites as unusual. 

Sophos noted that its findings revealed that the operation's ransomware samples could be detected by Sophos Intercept X, the company’s software that aims to protect devices and data with full disk encryption for Windows and macOS.

According to the blog post, the ransomware also emphasises methods of communicating with the attacker that most ransomware groups no longer use. With this in mind, Sophos believes that it is operating like a general-purpose remote access trojan (RAT).

The firm also stated that both samples connect to a hardcoded IP address that has previously been associated with malicious attacks that distribute cryptominers.

Attacks of this nature are becoming a lot more sophisticated, which makes them harder to discover and eliminate. In particular, technology company Fujitsu was recently criticised by the Japanese government for cybersecurity and cloud failings in the wake of data leaks that were not discovered by the company for eight months.

Similarly, a flaw in Revolut’s US payment system allowed cyber criminals to steal more than US$20m over a period of several months in 2022 before the company could close the digital fault.

Ransomware attacks often target organisations to extract sensitive data and ultimately cause financial and ethical implications for companies around the world. Although organisations are working to combat these attacks with greater security measures and education, they are still a huge threat to global businesses.

Companies and users will need to continue to take their lead from cybersecurity experts to stay ahead of the curve and best protect against bad actors.


