
Peter Mackenzie
Peter leads the Incident Response Team at Sophos. He works with an expert team of threat hunters to help organizations targeted by cyberthreats to investigate, contain and neutralize attacks. Peter has been with Sophos since 2011 and specialises in ransomware attacks.
Content by Peter Mackenzie

Threat Research
Ransomware
Hive
Lockbit
BlackCat
LLM
AI
Money Laundering
Laughter in the dark: Tales of absurdity from the cyber frontline and what they taught us
January 13, 2026

Security Operations
Featured
malware
MTR
ProxyLogon
ProxyShell
Rapid Response
Sophos XDR
Squirrelwaffle
Rapid Response: The Squirrelwaffle Incident Guide
February 15, 2022

Security Operations
Avaddon
Clop ransomware
Conti
DarkSide
Egregor
Featured
LockBit Ransomware
Maze ransomware
Ragnar Locker ransomware
REvil
Sophos Rapid Response
Threat Research
The Top 10 Ways Ransomware Operators Ramp Up the Pressure to Pay
October 28, 2021

Security Operations
Threat Research
Conti
Featured
ProxyShell
Conti affiliates use ProxyShell Exchange exploit in ransomware attacks
September 3, 2021

Security Operations
Encryption
Ransomware
Security
Sophos Managed Threat Response (MTR)
Sophos Rapid Response
Top 10 security misperceptions
May 27, 2021

Security Operations
Encryption
MTR
Ransomware
Security
sidebar
Sophos Rapid Response
What to expect when you’ve been hit with Avaddon ransomware
May 24, 2021

Security Operations
Threat Research
Active Adversary
Active Adversary Report
Featured
Ransomware
sidebar
Sophos EDR
Sophos Managed Threat Response (MTR)
Sophos Rapid Response
The Active Adversary Playbook 2021
May 18, 2021

SophosLabs Uncut
Threat Research
cobalt strike
DarkSide
Mega
pCloud
Ransomware
SystemBC
A defender’s view inside a DarkSide ransomware attack
May 11, 2021

Security Operations
Conti
Ransomware
Rapid Response
Sophos MTR
What to expect when you’ve been hit with Conti ransomware
February 16, 2021