This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Ransomware alert

We are hit with potential ransomware but it shows strange originating IP address.  How can i figure out where it originated.

CryptoGuard detected a ransomware attack from fe80::6d67:8f89:d7d5:be80



This thread was automatically locked due to age.
  • Hi,

    Thanks for reaching out to the Sophos Community Forum. 

    The IP address you mention looks to be an ipv6 address. The fe80 prefix indicates that the device the traffic originated from is on your local network. 

    The nslookup command may help you determine which device has this IP address, however, if you have a network firewall or router, this can also be used to find out what device has this IP address assigned.

    Kushal Lakhan
    Team Lead, Global Community Support
    Connect with Sophos Support, get alerted, and be informed.
    If a post solves your question, please use the "Verify Answer" button.
    The New Home of Sophos Support Videos!  Visit Sophos Techvids