Author's Opinion

Ransomware: Sophos seems to like getting egg on its face

Security firm Sophos appears to be unaware that when one is in a hole, it is time to stop digging. Nothing else can account for the fact that, when the company found itself with egg on its face over the WannaCry ransomware attack, it chose to try to "clarify" things.

iTWire was one online tech publication which highlighted the fact that Sophos had quietly changed a banner on its site, which initially proclaimed that the "NHS is totally protected by Sophos".

Such a claim obviously did not hold water after Britain's National Health Service was badly affected by the WannaCry ransomware over the weekend, hence Sophos quietly changed its banner to read, "Sophos understands the security needs of the NHS".

A sharp-eyed IT security architect named Kevin Beaumont spotted the transition, and posted a tweet about it. And from there, it spread.

Sophos, however, was not content to let sleeping dogs lie. The story appeared on 16 May and by now most people would have forgotten about it.

So the company wrote to iTWire, saying it was, "reaching out on behalf of Sophos in response to your article today, to provide some clarity on the events over the weekend."

[Image: the Sophos NHS banner before the change]

It is amusing how everyone who is on the receiving end always thinks that there is a lack of clarity at our end! I have conversations every day with people from various companies who are always seeking to "clarify" things that are perfectly clear.

Sophos probably did not want the issue to go away, so it included a rather patronising explanation about WannaCry — patronising in that iTWire had already covered the issue comprehensively — and then tried to pull a little wool over our eyes.

A statement from the company's chief marketing officer, Matt Fairbanks, went this way:

“The marketers at Sophos got a little ahead of themselves and created the landing page in question two years ago." (In other words, it is out of date; no mention, however, of why, if it is so old, it wasn't taken down long ago.)

"This was an orphaned microsite page from a marketing campaign that referred to our total portfolio of products." (Really? What the hell does that mean, anyway?)

[Image: the Sophos NHS banner after the change]

"The microsite is not now and never was our primary NHS-related page on our website. Small edits were made for accuracy, and from a sensitivity perspective not because of anything being factually incorrect." (This made me laugh out loud. If the NHS was indeed totally protected by Sophos, then why were patients turned away from various hospitals?)

"The criticism is legitimate, and we take it very seriously. We want improvement as much as anyone, and we know our customers help drive that. We are proud of and we value our long-standing relationship with NHS organisations."

It's difficult to understand why Sophos and its executives are such gluttons for punishment.

As if this bizarre email was not enough to bring up the issue again, Sophos also made this offer: "If you would like further comment on this, regional vice-president and managing director, Asia Pacific & Japan, Joergen Jakobsen, is available for select interviews today."

Maybe I'll take the company up on that offer next week and keep the issue in the news a little longer.

One has to wonder: who is advising Sophos about public relations?

Sam Varghese

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.