Security News > 2023 > January > Microsoft: Over 100 threat actors deploy ransomware in attacks
Microsoft revealed today that its security teams are tracking over 100 threat actors deploying ransomware during attacks.
In all, the company says it monitors over 50 unique ransomware families that were actively used until the end of last year.
While new ransomware families launch all the time, most threat actors use the same tactics when breaching and spreading through networks, so detecting that behavior is all the more useful for thwarting their attacks.
As Redmond added, attackers increasingly rely on tactics beyond phishing to conduct their attacks, with threat actors such as DEV-0671 and DEV-0882 capitalizing on recently patched Exchange Server vulnerabilities to hack vulnerable servers and deploy Cuba and Play ransomware.
Other ransomware actors are also switching to or using malvertising to deliver malware loaders and downloaders that help push ransomware and various other malware strains, such as information stealers.
A threat actor tracked as DEV-0569, believed to be an initial access broker for ransomware gangs, is now abusing Google Ads in widespread advertising campaigns to distribute malware, steal passwords from infected devices, and ultimately gain access to enterprise networks.