Microsoft has reported that its security services tracked down more than 100 different hacker groups deploying ransomware during their attacks. The company says it is now tracking more than 50 unique ransomware families that were in active use until the end of last year.
“Some of the more notorious ransomware in recent campaigns include Lockbit Black, BlackCat (aka ALPHV), Play, Vice Society, Black Basta, and Royal,” Microsoft said in a statement.
However, protection strategies should focus less on payloads and more on the chain of actions that leads to their deployment, because ransomware groups continue to target devices and servers that have not yet received the latest security patches and are vulnerable to malicious attacks.
While new families of ransomware are constantly emerging, most attackers use similar tactics to break into and spread across networks. This suggests that it is much more efficient to identify a threat before the ransomware is activated, even at the deployment stage. This is where the corporation needs to direct its efforts, rather than issuing endless patches.
Attackers are increasingly using tactics beyond phishing to carry out their attacks, Microsoft added, with groups such as DEV-0671 and DEV-0882 using newly patched Exchange Server vulnerabilities to compromise still-vulnerable servers and deploy Cuba and Play ransomware.
The Exchange team previously urged administrators to deploy the latest supported cumulative update themselves to secure on-premises Exchange servers and ensure they are always ready to install an emergency security update.