 |
| Microsoft reveals the current status of ransomware gangs |
Microsoft announced that it is tracking more than 100 malicious actors that proliferate ransomware against companies around the world.
In a thread on Twitter, the company discussed the current state of ransomware and said that the RaaS ecosystem continues to grow and evolve.
The US software giant said the threat actors it tracks now have different techniques, targets, and capabilities, adding that more than 50 unique strains of ransomware are currently active and prevalent.
While phishing remains the primary method hackers use to place ransomware payloads on victim computers, Microsoft believes it is increasingly relying on other technologies as well.
Among these techniques, the company mentions: malicious advertisements that hackers use to lure victims to websites that host ransomware and other malware.
According to Microsoft, some hackers try to exploit vulnerabilities in recent patches, hoping that their targets won't have a chance to apply the patch in time. Others try to spread malware masquerading as software updates.
Currently, the most popular ransomware variants are Lockbit Black, BlackCat, Play, Vice Society, Black.Black Basta, and Royal.
According to Microsoft, to defend against ransomware, companies should focus not on these payloads, but on the "chain of activity" that leads to compromise and damages. In other words, organizations need to ensure that their connected devices are always patched, their employees are well trained, and they are always on the lookout for potential phishing attacks.
In phishing attacks, the emails often contain a sense of urgency and urge the user to immediately download and run a file or visit a website. Common phishing topics are DHL parcel delivery, unpaid bills, etc.
However, this does not mean that companies should not use anti-malware and other cyber security solutions. A robust backup solution as well as a firewall and antivirus solution is essential in the fight against ransomware.