Category: Conti

Providing Solutions

The Ransomware Threat Intelligence Center

A collection of Sophos threat research articles and security operations reports related to new or prevalent ransomware groups from 2018 to the present. The content will be updated as new research is published.

Countermeasures and observability key to defending against attackers trying to buy security products

The leak of Conti ransomware’s internal chat logs revealed the attackers tried to buy security software so they could figure out how to bypass it and avoid detection.

Conti and Karma actors attack healthcare provider at same time through ProxyShell exploits

An unpatched Microsoft Exchange Server let both ransomware actors in; Karma just stole data, while Conti encrypted.

Winners and losers in the ransomware turf wars

A personal end-of-year perspective on the changing ransomware landscape, to accompany the Sophos 2022 Threat Report.