The executable uses 'Sophos' in the ransom notice and the '.sophos' extension for encrypted files
Most of the leaked data is made up of technical program files and administrative business data, according to Royal Mail
Breach followed a social engineering attack on a support employee
The availability of the code has spurred new attacks by people outside the Babuk group
Flows expected to return to normal levels by the weekend
British companies see Russia as a bigger threat than China
Attackers likely entered the network through a phishing scam or brute force attack
Twenty-five alleged victims - many of them previously unknown - listed on Maze's website