UK cyber-security vendor Sophos published today an update on its investigation into a recent series of attacks that tried to exploit a zero-day vulnerability in its XG firewall product. Sophos said that after they learned of the incident and issued a hotfix, the attackers panicked and modified their attack routine to replace their original data-stealing payload and deploy ransomware on corporate networks protected by Sophos firewalls. Sophos said that firewalls which received the hotfix blocked the subsequent attempts to install ransomware.
Source: ZD Net