Microsoft details threat actors techniques for deploying ransomware

Share post:

Last year, over 100 threat actors carried out ransomware attacks, and the number of active ransomware families used in attacks surpassed 50, with Microsoft security teams tracking each and every one of them.

Microsoft claims that while threat actors continue to rely on phishing for initial access, they have become more reliant on other techniques. The use of malvertising to surface links leading to various first-stage malware that eventually deliver ransomware or other payloads is one of the most common.

In 2022, the most popular ransomware payloads were LockBit Black, BlackCat/ALPHV, Vice Society, Black Basta, Play, and Royal, says Microsoft. It goes on to say that the threat actor DEV-0569, uses malicious ads to distribute Batloader, which then delivers post-exploitation tooling associated with DEV-0846, resulting in the deployment of Royal ransomware.

However, Microsoft stated that defense strategies should prioritize activity chains prior to deployment rather than payloads themselves, in light of the persistent targeting of unpatched servers and devices to facilitate attacks.

Such a technique was observed in the exploitation of Exchange Servers vulnerable to recently patched flaws by DEV-0671 and DEV-0882 in order to enable the deployment of the Cuba and Play ransomware. It used newly patched vulnerabilities, including those in Exchange Server, to deploy the Play and Cuba ransomware, highlighting the importance of applying security patches as soon as possible.

In conclusion, Microsoft says; “Even as they evolve, ransomware attacks continue to rely on common security weaknesses that allow them to succeed. Get insights and guidance for defending against ransomware attacks.”

The sources for this piece include an article in BleepingComputer.

Featured Tech Jobs



Related articles

Kaspersky uncovers malware targeting iPhones running iOS 15.7 and below

Kaspersky has uncovered a sophisticated malware campaign specifically designed to infect iPhones running up to iOS 15.7 through...

WordPress fixes critical Jetpack plugin vulnerability

WordPress has addressed a critical flaw discovered in the Jetpack plugin, which had the potential to enable authors...

Akamai discovers Dark Frost botnet exploiting gaming platforms

Akamai's security intelligence response team recently has alerted the general public of Dark Frost, a botnet that has...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways