Law enforcement action and exit scams have damaged the big gangs' brands
The executable uses 'Sophos' in the ransom notice and the '.sophos' extension for encrypted files
Cyber-criminal groups have recently ramped up their use of Ransomware-as-a-Service (RaaS) BlackCat/ALPHA-V, first identified by security researchers in November 2021, and upped the ante by publishing the hacked data on a dedicated website.