• 14 Feb 2020

    Decoding Malicious PowerShell Activity - A Case Study

    IT Administrators and Security Specialists often run into suspicious-looking PowerShell commands; sometimes they succeed in decoding them, but often they are reliant on researchers. This blog should serve as guidance to identify the purpose of suspicious entries found in: Scheduled Tasks; RUN Keys in the Registry; Static PowerShell Scripts; Proxy Logs if a Web Server is exploited for a Remote Code Execution...
    • 23 Oct 2019

    Requests to re-categorize by third parties for PUA/Adware detections (possible Deceptor component)

    Hi Everyone, The below article provides details about how we categorize PUA/Adware detections and how to provide us with the information we need to determine if a re-categorization is required.
    • 23 Jan 2017

    Watch Locky Ransomware in action and learn how Sophos stops it

    Hi everyone, We have just published a new video taking a look at how ransomware works. You can find it here: https://www.youtube.com/watch?v=ajTcYRIwoqU In this video we are going to show you what happens when Locky Ransomware attacks a computer. You will see what a typical user would see if they were the victim of such an attack. We will then show you several scenarios demonstrating how Sophos protects the computers...