The ransomware landscape is a complex, crowded and rapidly evolving ecosystem. New and rebranded groups appear and disappear continuously, while the operators behind them share, rent, steal, or copy each other’s attack tools, playbooks and even infrastructure.
Sophos has been monitoring and reporting on the ransomware landscape for years, building an unrivalled library of insight and analysis. The Ransomware Threat Intelligence Center brings together a curated list of the most important research articles and reports published by Sophos on prevalent, new, and emerging ransomware threats, including their tools, techniques, and behaviors, from 2018 to the present. The content will be updated regularly as new material becomes available.
For further information on ransomware, including advice on security best practice and the latest State of Ransomware report, visit Sophos’ Resources to Stop Ransomware.
Sophos Research and Reports on Prevalent and New Ransomware Groups, 2018 to 2022
Astro Locker
Sophos MTR in real time: What is Astro Locker team?
March 31, 2021 – A Sophos incident response investigation uncovers similarities between Astro Locker and Mount Locker ransomware
Avos Locker
Avos Locker remotely accesses boxes, even running in Safe Mode
Dec. 22, 2021 – Sophos reports how the relatively new ransomware-as-a-service (RaaS), Avos Locker boots target computers into Safe Mode to execute the ransomware and tries to disable security software
Atom Silo
Atom Silo ransomware actors use Confluence exploit, DLL side-load for stealthy attack
Oct. 4, 2021 – Sophos reports on an attack by the relatively new ransomware group Atom Silo that leveraged a recent vulnerability in Atlassian’s Confluence collaboration software and tried to disrupt endpoint protection software. The Confluence vulnerability was also exploited by a crypto miner
