Thursday, Feb 11, 2021

Sophos News: MTR Casebook: Uncovering a backdoor implant in a SolarWinds Orion server

A real-world story from the Sophos Managed Threat Response team

This is a great read and worth your time if you have any interest in security. It shows what you can expect from a strong MTR engagement experience.

Setting the scene

The organization in question came to Sophos Rapid Response after falling victim to a Ragnar Locker attack in early 2020. A ransomware payload was delivered manually by a highly capable group at around 2 a.m., while admins were asleep, hitting as many computers as they could in quick succession.

They hit hundreds.

Sophos Rapid Response was brought in to help identify, contain and neutralize the threat. It took the team less than two days to resolve the active threat and over the following days incident responders were able to ascertain the threat actor had entered the network two months prior to the ransomware attack.

With the Ragnar group removed from their network, the customer transitioned to the full MTR service in Notify mode with our security operations team watching over them 24/7.

While the pressing threat of Ragnar Locker was out of the picture, in November 2020 another threat actor stepped into view…
