Microsoft Monitors 100 Active Ransomware Groups

They attack their victims with more than 50 ransomware families. The cybercriminals often gain access to networks via phishing. Ransomware-as-a-service contributes to the success of the cyber extortion business model.

Microsoft Security Intelligence currently monitors more than 100 different ransomware groups actively distributing extortion software. In these attacks, more than 50 ransomware families are used to encrypt victims’ data and demand a ransom for handing over the decryption keys, according to the company.

Security researchers attributed the high number of cybercrime gangs in part to the Ransomware-as-a-Service (RaaS) business model offered by many ransomware developers. It allows cybercriminals to take part in the unfortunately lucrative extortion schemes without any technical expertise of their own.

Phishing often serves as the gateway

According to Microsoft, the most successful ransomware groups in recent months include LockBit, BlackCat, Vice Society and Royal. LockBit and Conti, among others, rely on the RaaS model: affiliates carry out the actual attacks, while the developers receive a share of the ransom collected.

According to the software company’s findings, ransomware is mainly introduced via phishing attacks. Brute-force attacks are also a popular way of gaining access to networks – boosted by the increase in remote access to networks as a result of the coronavirus pandemic. But malvertising – fake online ads that lead to tampered software, for example – and fake software updates are also being used to compromise networks, according to Microsoft.

“Even as they evolve, ransomware attacks continue to exploit common vulnerabilities,” Microsoft added. The company recommends urgently updating computers and networks with the latest security patches to prevent cybercriminals from exploiting known vulnerabilities to access networks. In addition, securing user accounts with multi-factor authentication is a suitable means to fend off attacks with credentials compromised via phishing or brute force, it said.
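The brute-force and credential-based intrusions the article mentions leave a recognisable footprint in authentication logs: many failed logins from one source in a short time, often across several accounts, sometimes followed by a success. The following detector is an added example written for this page, not code from Microsoft or from the article; the log format, the sample lines and the thresholds are constructed assumptions, so adapt the regular expression to your own VPN, RDP gateway or identity provider logs.

```python
"""Flag sources that look like password brute force or password spraying.

Added example (not Microsoft's code). The line format below is a
constructed, simplified one: timestamp, result, user, source IP.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. 203.0.113.7 tries five accounts in seconds and then
# succeeds (spraying pattern); 198.51.100.2 is a user mistyping a password.
SAMPLE_LOG = """\
2023-02-01T08:00:01Z LOGIN_FAIL user=alice src=203.0.113.7
2023-02-01T08:00:03Z LOGIN_FAIL user=bob src=203.0.113.7
2023-02-01T08:00:04Z LOGIN_FAIL user=carol src=203.0.113.7
2023-02-01T08:00:06Z LOGIN_FAIL user=dave src=203.0.113.7
2023-02-01T08:00:07Z LOGIN_FAIL user=erin src=203.0.113.7
2023-02-01T08:00:09Z LOGIN_OK user=erin src=203.0.113.7
2023-02-01T08:05:00Z LOGIN_FAIL user=alice src=198.51.100.2
2023-02-01T09:10:00Z LOGIN_FAIL user=alice src=198.51.100.2
2023-02-01T09:15:00Z LOGIN_OK user=alice src=198.51.100.2
"""

LINE_RE = re.compile(r"^(\S+) (LOGIN_FAIL|LOGIN_OK) user=(\S+) src=(\S+)$")


def parse(log_text):
    """Parse log lines into (timestamp, result, user, src) tuples; skip junk."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events


def find_bruteforce_sources(events, threshold=5, window=timedelta(minutes=1)):
    """Return {src: (failures_in_window, distinct_users, success_after_burst)}
    for every source that reaches `threshold` failed logins inside any
    sliding `window`. A high distinct-user count points at password
    spraying; a success right after the burst is the case to escalate first.
    """
    by_src = defaultdict(list)
    for ev in sorted(events):
        by_src[ev[3]].append(ev)

    flagged = {}
    for src, evs in by_src.items():
        fails = [e for e in evs if e[1] == "LOGIN_FAIL"]
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until it spans at most `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                burst = fails[start:end + 1]
                users = {e[2] for e in burst}
                last_fail = burst[-1][0]
                success_after = any(
                    e[1] == "LOGIN_OK" and e[0] >= last_fail for e in evs
                )
                flagged[src] = (count, len(users), success_after)
                break  # one alert per source is enough
    return flagged


if __name__ == "__main__":
    for src, (n, users, hit) in find_bruteforce_sources(parse(SAMPLE_LOG)).items():
        print(f"{src}: {n} failures, {users} accounts, success afterwards={hit}")
```

On the constructed sample only 203.0.113.7 is flagged (five failures against five different accounts, followed by a successful login), while the two failures from 198.51.100.2 spread over an hour stay below the threshold. The distinct-user count is the part worth keeping in a production rule: per-account lockout does nothing against a spray that tries one password across many accounts, which is exactly the pattern that multi-factor authentication, as the article recommends, is meant to stop.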