Microsoft’s security team says it’s tracking over 100 ransomware actors

These groups are using more than 50 ransomware variants

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Microsofthas revealed it is tracking more than 100 threat actors deployingransomwareagainst businesses around the world.

Ina recent Twitter thread, the company discussed the current state of ransomware, saying the Ransomware-as-a-service (RaaS) ecosystem continues evolving and expanding.

The threat actors (of which the company tracks more than 100) are bringing “varying techniques, goals, and skillsets” to the fray. Right now, more than 50 unique ransomware families are active and in use, the company said.

Focusing on the build-up

Focusing on the build-up

While phishing remains the number one way for hackers to deliver ransomware payloads to victims, they’re “increasingly” relying on other techniques, as well, Microsoft added.

Among others, they’re using malicious ads to deliver victims to websites hosting ransomware and other malware. Some are looking to exploit recently patched vulnerabilities, in hopes that their targets did not get the chance to apply the patch on time. Others are trying to distributemalwarethat poses as software updates.

Among the most popular ransomware variants these days are Lockbit Black, BlackCat (aka ALPHV), Play, Vice Society, Black Basta, & Royal.

To defend against ransomware, Microsoft says, businesses should not focus on these payloads. Instead, they should focus on the “chain of activities” that lead to the final compromise. In other words, businesses need to make sure their endpoints are always updated with the latest patches, and that their employees are well-trained and always on the lookout for a potential phishing attack.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

What is ransomware and how does it work?>This new ransomware is seeing rapid growth, so beware>Check out the best malware protection right now

In phishing attacks, emails usually carry a sense of urgency, demanding the user to immediately download and run a file, or visit a website. Most popular phishing themes include a DHL parcel pending delivery, an unpaid invoice, or similar.

However, that doesn’t mean businesses should not deploy malware protection and other cybersecurity solutions. A solid backup solution is a must, in the combat against ransomware, as well as a firewall and an antivirus solution.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Washington state court systems taken offline following cyberattack

Is it still worth using Proton VPN Free?

Google Pixel 9 vs Samsung Galaxy S24: which base model is better?