Microsoft Security Blog » Ransomware
Read the latest news and posts and get helpful insights about Ransomware from Microsoft's team of experts at Microsoft Security Blog.
2y ago
DEV-0569’s recent activity shows their reliance on malvertising and phishing in delivering malicious payloads. The group’s changes and updates in delivery and payload led to distribution of info stealers and Royal ransomware
2y ago
Providing advanced protection against increasingly sophisticated human-operated ransomware, Microsoft Defender for Endpoint’s network protection leverages threat intelligence and machine learning to block command-and-control (C2) communications
2y ago
In recent months, Microsoft has detected active ransomware and extortion campaigns impacting the global education sector, particularly in the US, by a threat actor we track as DEV-0832, also known as Vice Society
2y ago
Microsoft has discovered recent activity indicating that the Raspberry Robin worm is part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread
2y ago
Microsoft is tracking threats taking advantage of the remote code execution (RCE) vulnerability in Apache Log4j 2. Get technical info and guidance for using Microsoft security solutions to protect against attacks
2y ago
Microsoft coined the term “human-operated ransomware” to clearly define a class of attack driven by expert human intelligence at every step of the attack chain and culminating in intentional business disruption and extortion. In this blog, we explain the ransomware as a service (RaaS) affiliate model and disambiguate between the attacker tools and the various threat actors at play during a security incident
2y ago
The use of an unconventional programming language, multiple target devices and possible entry points, and affiliation with prolific threat activity groups have made the BlackCat ransomware a prevalent threat and a prime example of the growing ransomware-as-a-service (RaaS) gig economy
2y ago
A group of actors originating from North Korea that MSTIC tracks as DEV-0530 has been developing and using ransomware in attacks since June 2021. This group, which calls itself H0lyGh0st, utilizes a ransomware payload with the same name
2y ago
Threat actors evade detection by adopting the Sliver command-and-control (C2) framework in intrusion campaigns
2y ago
The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign targeting organizations in the logistics and transportation industry in Ukraine and Poland utilizing a previously unidentified ransomware payload