Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Ransomware: Sophos seems to like getting egg on its face

Security firm Sophos appears to be unaware that when one is in a hole, it is time to stop digging. Nothing else can account for the fact that when the company found itself with egg on its face over the WannaCry ransomware attack, it chose to try and "clarify" things.

iTWire was one online tech publication which highlighted the fact that Sophos had quietly changed a banner on its site, which initially proclaimed that the "NHS is totally protected by Sophos".

Such a claim did not, obviously, hold water after Britain's National Health Service was badly affected by the WannaCry ransomware over the weekend, hence Sophos quietly changed its banner to read, "Sophos understands the security needs of the NHS".

A sharp-eyed IT security architect named Kevin Beaumont spotted the transition, and posted a tweet about it. And from there, it spread.

Sophos, however, was not content to let sleeping dogs lie. The story appeared on 16 May and by now most people would have forgotten about it.

So the company wrote to iTWire, saying it was, "reaching out on behalf of Sophos in response to your article today, to provide some clarity on the events over the weekend."

It is amusing how everyone who is on the receiving end always thinks that there is a lack of clarity at our end! I have conversations every day with people from various companies who are always seeking to "clarify" things that are perfectly clear.

Sophos probably did not want the issue to go away, so it included a rather patronising explanation about WannaCry — patronising in that iTWire had already covered the issue comprehensively — and then tried to pull a little wool over our eyes.

A statement from the company's chief marketing officer, Matt Fairbanks, went this way:

"The marketers at Sophos got a little ahead of themselves and created the landing page in question two years ago." (In other words, it is out of date; there is no mention, however, of why, if it is so old, it wasn't taken down long ago.)

"This was an orphaned microsite page from a marketing campaign that referred to our total portfolio of products." (Really? What the hell does that mean, anyway?)

"The microsite is not now and never was our primary NHS-related page on our website. Small edits were made for accuracy, and from a sensitivity perspective not because of anything being factually incorrect." (This made me laugh out loud. If the NHS was indeed totally protected by Sophos, then why were patients turned away from various hospitals?)

"The criticism is legitimate, and we take it very seriously. We want improvement as much as anyone, and we know our customers help drive that. We are proud of and we value our long-standing relationship with NHS organisations."

It's difficult to understand why Sophos and its executives are such gluttons for punishment.

As if this bizarre email was not enough to bring up the issue again, Sophos also made this offer: "If you would like further comment on this, regional vice-president and managing director, Asia Pacific & Japan, Joergen Jakobsen, is available for select interviews today."

Maybe I'll take the company up on that offer next week and keep the issue in the news a little longer.

One has to wonder: who is advising Sophos about public relations?



Sam Varghese

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.