Microsoft has revealed that it is tracking over 100 cybercriminals deploying ransomware (opens in a new tab) against companies around the world.
IN recent Twitter thread (opens in a new tab)the company discussed the current state of ransomware, saying that the Ransomware-as-a-service (RaaS) ecosystem continues to evolve and expand.
Threat actors (over 100 of whom the company tracks) bring “different techniques, targets, and skill sets” to the fight. The company said more than 50 unique ransomware families are currently active and in use.
Focus on development
While phishing remains the main way hackers deliver ransomware to victims, they are “increasingly” relying on other techniques as well, Microsoft added.
Among other things, they use malicious ads to redirect victims to websites containing ransomware and other malware. Some want to exploit recently patched vulnerabilities in the hope that their targets will not have a chance to install the patch in time. Others try to spread malware masquerading as software updates.
The most popular ransomware varieties today include Lockbit Black, BlackCat (aka ALPHV), Play, Vice Society, Black Basta and Royal.
Microsoft says that to defend against ransomware, companies should not focus on these payloads. Instead, they should focus on the “chain of actions” that lead to the final compromise. In other words, companies need to ensure that their endpoints are always updated with the latest patches and that their employees are well trained and always on the lookout for a potential phishing attack.
In the case of phishing attacks, emails are usually urgent and require the user to immediately download and run a file or visit a website. The most common phishing themes include a DHL shipment awaiting delivery, an unpaid invoice, or similar.
However, that doesn’t mean companies shouldn’t implement anti-malware and other cybersecurity solutions. A robust backup solution is a must in the fight against ransomware, as well as a firewall and antivirus solution.