Microsoft reveals it’s tracking 100+ threat actors deploying ransomware (opens in a new tab) against businesses around the world.
exist Recent Twitter Topics (opens in a new tab)the company discussed the current state of ransomware, saying that the ransomware-as-a-service (RaaS) ecosystem is constantly evolving and expanding.
Threat actors (the company tracks more than 100) are adding “different techniques, goals and skill sets” to the fray. The company says there are currently more than 50 unique ransomware families active and in use.
focus on building
Microsoft added that while phishing remains the top way hackers deliver ransomware payloads to victims, they are also “increasingly” relying on other techniques.
In it, they use malvertising to deliver victims to websites hosting ransomware and other malware. Some hope to exploit a recently patched vulnerability, hoping their target doesn’t have the opportunity to apply the patch in time. Others try to distribute malware masquerading as software updates.
The most popular ransomware variants today include Lockbit Black, BlackCat (aka ALPHV), Play, Vice Society, Black Basta, and Royal.
To defend against ransomware, companies should not pay attention to these payloads, Microsoft said. Instead, they should focus on the “chain of activities” that lead to the eventual compromise. In other words, businesses need to ensure that their endpoints are always updated with the latest patches, and that their staff is well-trained and vigilant against potential phishing attacks.
In phishing attacks, emails often carry a sense of urgency, asking users to immediately download and run a file or visit a website. The most popular phishing themes include DHL packages pending delivery, unpaid invoices, or similar.
However, that doesn’t mean businesses shouldn’t deploy malware protection and other cybersecurity solutions. When it comes to fighting ransomware, along with firewall and antivirus solutions, having a solid backup solution is a must.
