We are hit with potential ransomware but it shows strange originating IP address. How can i figure out where it originated.
CryptoGuard detected a ransomware attack from fe80::6d67:8f89:d7d5:be80
Hi,
Thanks for reaching out to the Sophos Community Forum.
The IP address you mention looks to be an ipv6 address. The fe80 prefix indicates that the device the traffic originated from is on your local network.
The nslookup command may help you determine which device has this IP address, however, if you have a network firewall or router, this can also be used to find out what device has this IP address assigned.