Sophos: Hackers tried two methods of exploiting a zero-day vulnerability in Sophos’ XG firewall. Sophos detected the first wave of these attacks between April 22 and 26. Attackers originally attempted to plant a Trojan in networks by exploiting the vulnerability, but then switched to ransomware. The company also recommended that its customers reboot their firewalls and change administrative settings and passwords to prevent hackers from taking advantage of the vulnerability. The attack would have happened if a firewall that hadnt been rebooted or power-cycled, Sophos says.”]
Source: https://www.govinfosecurity.com/hackers-tried-to-exploit-zero-day-flaw-in-sophos-firewall-a-14325