DEV-0569 finds new ways to deliver Royal ransomware, various payloads
Microsoft Security Blog » Ransomware
by
2y ago
DEV-0569’s recent activity shows their reliance on malvertising and phishing in delivering malicious payloads. The group’s changes and updates in delivery and payload led to distribution of info stealers and Royal ransomware ..read more
Visit website
Stopping C2 communications in human-operated ransomware through network protection
Microsoft Security Blog » Ransomware
by
2y ago
Providing advanced protection against increasingly sophisticated human-operated ransomware, Microsoft Defender for Endpoint’s network protection leverages threat intelligence and machine learning to block command-and-control (C2) communications ..read more
Visit website
DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector
Microsoft Security Blog » Ransomware
by
2y ago
In recent months, Microsoft has detected active ransomware and extortion campaigns impacting the global education sector, particularly in the US, by a threat actor we track as DEV-0832, also known as Vice Society ..read more
Visit website
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity
Microsoft Security Blog » Ransomware
by
2y ago
Microsoft has discovered recent activity indicating that the Raspberry Robin worm is part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread ..read more
Visit website
Guidance for preventing, detecting, and hunting for exploitation of the Log4j 2 vulnerability
Microsoft Security Blog » Ransomware
by
2y ago
Microsoft is tracking threats taking advantage of the remote code execution (RCE) vulnerability in Apache Log4j 2. Get technical info and guidance for using Microsoft security solutions to protect against attacks ..read more
Visit website
Ransomware as a service: Understanding the cybercrime gig economy and how to protect yourself
Microsoft Security Blog » Ransomware
by
2y ago
Microsoft coined the term “human-operated ransomware” to clearly define a class of attack driven by expert human intelligence at every step of the attack chain and culminate in intentional business disruption and extortion. In this blog, we explain the ransomware as a service (RaaS) affiliate model and disambiguate between the attacker tools and the various threat actors at play during a security incident ..read more
Visit website
The many lives of BlackCat ransomware
Microsoft Security Blog » Ransomware
by
2y ago
The use of an unconventional programming language, multiple target devices and possible entry points, and affiliation with prolific threat activity groups have made the BlackCat ransomware a prevalent threat and a prime example of the growing ransomware-as-a-service (RaaS) gig economy ..read more
Visit website
North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware
Microsoft Security Blog » Ransomware
by
2y ago
A group of actors originating from North Korea that MSTIC tracks as DEV-0530 has been developing and using ransomware in attacks since June 2021. This group, which calls itself H0lyGh0st, utilizes a ransomware payload with the same name ..read more
Visit website
Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks
Microsoft Security Blog » Ransomware
by
2y ago
Threat actors evade detection by adopting the Sliver command-and-control (C2) framework in intrusion campaigns ..read more
Visit website
New “Prestige” ransomware impacts organizations in Ukraine and Poland
Microsoft Security Blog » Ransomware
by
2y ago
The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign targeting organizations in the logistics and transportation industry in Ukraine and Poland utilizing a previously unidentified ransomware payload ..read more
Visit website

Follow Microsoft Security Blog » Ransomware on FeedSpot

Continue with Google
Continue with Apple
OR