Microsoft’s security team says it’s tracking over 100 ransomware actors

Microsoft has revealed it is tracking more than 100 threat actors deploying ransomware against businesses around the world.

In a recent Twitter thread, the company discussed the current state of ransomware, saying the Ransomware-as-a-service (RaaS) ecosystem continues evolving and expanding. 

The threat actors (of which the company tracks more than 100) are bringing “varying techniques, goals, and skillsets” to the fray. Right now, more than 50 unique ransomware families are active and in use, the company said.

Focusing on the build-up

While phishing remains the number one way for hackers to deliver ransomware payloads to victims, they’re “increasingly” relying on other techniques, as well, Microsoft added. 

Among others, they’re using malicious ads to deliver victims to websites hosting ransomware and other malware. Some are looking to exploit recently patched vulnerabilities, in hopes that their targets did not get the chance to apply the patch on time. Others are trying to distribute malware that poses as software updates.

Among the most popular ransomware variants these days are Lockbit Black, BlackCat (aka ALPHV), Play, Vice Society, Black Basta, & Royal. 

To defend against ransomware, Microsoft says, businesses should not focus on these payloads. Instead, they should focus on the “chain of activities” that lead to the final compromise. In other words, businesses need to make sure their endpoints are always updated with the latest patches, and that their employees are well-trained and always on the lookout for a potential phishing attack.

In phishing attacks, emails usually carry a sense of urgency, demanding the user to immediately download and run a file, or visit a website. Most popular phishing themes include a DHL parcel pending delivery, an unpaid invoice, or similar.

However, that doesn’t mean businesses should not deploy malware protection and other cybersecurity solutions. A solid backup solution is a must, in the combat against ransomware, as well as a firewall and an antivirus solution. 

Go to Source