Cybercriminals Masquerade as Cybersecurity Company to Hijack Entire PCs

Attackers have devised a new approach to deceive unsuspecting victims, even using reputable names as a cover.


A ransomware-as-a-service (RaaS) operation called "SophosEncrypt" has emerged, borrowing the name of the cybersecurity vendor Sophos as cover.

The operation of SophosEncrypt was brought to light by MalwareHunterTeam on Twitter and has since been acknowledged by Sophos. Initially, there were suspicions that this might be a red team exercise conducted by Sophos itself—a simulated attack to test their security measures. 

However, it has since been confirmed that SophosEncrypt is entirely unrelated to the cybersecurity firm and has adopted its name only to lend the ransom demand an air of urgency and legitimacy, pressuring victims into complying.

How the ransomware is distributed is not yet known, but common vectors for this kind of malware include phishing emails, malicious websites, pop-up ads, and exploitation of software vulnerabilities. BleepingComputer reports that the campaign is active and describes how the encryption process works.

When executed, SophosEncrypt demands a token tied to the targeted victim, which it verifies online before it begins encrypting. Researchers have found, however, that cutting the machine's network connection causes this check to be skipped.

Once running, the operator can encrypt selected files or the entire device, appending the ".sophos" extension to each encrypted file. Victims are then instructed to contact the attackers for decryption, with payment usually demanded in untraceable cryptocurrency. At the same time, the Windows desktop wallpaper is replaced with a notice, bearing the Sophos name, that the files have been encrypted.
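The ".sophos" extension described above is a simple indicator a defender can alert on. The following is an added example, not code from the article or from Sophos: it scans a constructed stream of file-write events (timestamp, process, path; this log format is an assumption) and raises an alert when one process writes many ".sophos" files within a short window, which is the pattern mass encryption produces.

```python
"""Flag a burst of ".sophos" file writes, the extension SophosEncrypt appends."""
from collections import deque
from datetime import datetime, timedelta

# Constructed sample events in an assumed "<ISO timestamp> <process> <path>" format;
# these are not real telemetry. enc.exe is a hypothetical process name.
SAMPLE_EVENTS = [
    "2023-07-18T10:00:00 explorer.exe C:\\Users\\alice\\Documents\\notes.txt",
    "2023-07-18T10:00:01 enc.exe C:\\Users\\alice\\Documents\\q2 report.xlsx.sophos",
    "2023-07-18T10:00:02 enc.exe C:\\Users\\alice\\Documents\\budget.docx.sophos",
    "2023-07-18T10:00:03 enc.exe C:\\Users\\alice\\Pictures\\holiday.jpg.sophos",
    "2023-07-18T10:00:03 backup.exe D:\\backup\\2023-07-18.zip",
    "2023-07-18T10:00:04 enc.exe C:\\Users\\alice\\Pictures\\team.png.sophos",
    "2023-07-18T10:00:05 enc.exe C:\\Users\\alice\\Desktop\\todo.txt.sophos",
    "2023-07-18T10:00:06 enc.exe C:\\Users\\alice\\Desktop\\plan.pptx.sophos",
    "2023-07-18T10:00:30 explorer.exe C:\\Users\\alice\\Downloads\\sample.sophos",
]

SUSPECT_EXT = ".sophos"
THRESHOLD = 5                  # .sophos writes by one process that trigger an alert
WINDOW = timedelta(seconds=10)  # sliding window those writes must fall within


def parse_event(line):
    """Split one event line into (datetime, process, path); the path may contain spaces."""
    ts, proc, path = line.split(" ", 2)
    return datetime.fromisoformat(ts), proc, path


def detect_burst(lines, threshold=THRESHOLD, window=WINDOW):
    """Return [(process, first_write_time)] for each process that exceeds the threshold.

    A single stray .sophos file (e.g. an analyst's sample) stays below the threshold,
    so only the mass-rename behaviour of an encryptor is reported.
    """
    recent = {}      # process -> deque of timestamps of its recent .sophos writes
    alerted = set()  # processes already reported, so each fires once
    alerts = []
    for line in lines:
        ts, proc, path = parse_event(line)
        if not path.lower().endswith(SUSPECT_EXT):
            continue
        q = recent.setdefault(proc, deque())
        q.append(ts)
        while q and ts - q[0] > window:   # drop writes older than the window
            q.popleft()
        if len(q) >= threshold and proc not in alerted:
            alerted.add(proc)
            alerts.append((proc, q[0]))
    return alerts


if __name__ == "__main__":
    for proc, first in detect_burst(SAMPLE_EVENTS):
        print(f"ALERT: {proc} wrote {THRESHOLD}+ {SUSPECT_EXT} files starting {first}")
```

In a real deployment the event stream would come from file-system auditing (for example Sysmon or an EDR agent), and the threshold and window should be tuned against normal activity on the host.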

Sophos has managed to gather some information about the attackers, revealing their association with Cobalt Strike command-and-control and crypto-mining software.

To safeguard against the rising tide of ransomware attacks, it is essential to exercise caution. Be wary of files from unfamiliar sources, and even of unexpected files from people you know, since their accounts may themselves have been compromised and used to spread malicious content unknowingly.

Additionally, be aware that a legitimate cybersecurity company would never encrypt your files and demand payment for their recovery. If something seems suspicious, err on the side of caution and take steps to protect yourself from potential threats.