Ransomware threatens the security of Microsoft again.
Over the past year, Conti's cybercrime efforts have wound down and new ransomware-as-a-service (RaaS) campaigns have emerged, such as Royal, Play, and BlackBasta.
Meanwhile, ransomware operators LockBit, Hive, Cuba, BlackCat, and Ragnar continued their attacks throughout 2022, trying to extort a steady stream of victims.
Report about the ransomware:
However, according to blockchain analysis firm Chainalysis, ransomware syndicates saw their revenue decline by about 40% last year: after making a record $765 million in the past two years, they extorted only about $456.8 million from victims throughout 2022.
This significant decrease is not due to a decrease in attacks, but rather to the victims' refusal to pay the ransom to the attackers.
Microsoft's reaction to the ransomware:
Microsoft revealed today that its security team was tracking more than 100 ransomware syndicates and more than 50 families of ransomware in active use at the end of last year.
Microsoft's best strategy to fend off ransomware attacks:
"But defence strategies should focus less on the payload and more on the chain of action leading to its spread," Microsoft said. This is because ransomware gangs continue to target servers and devices that have not yet been patched for common or recently addressed vulnerabilities.
Most vulnerable servers:
Furthermore, while new families of ransomware are being released all the time, most threat actors use the same tactics when penetrating and spreading through networks, and efforts to detect such behaviour are limited to attacks.
Last week, the Exchange team asked administrators to protect their on-premises Exchange servers by deploying the latest supported cumulative update (CU) and always having the necessary security updates available.
More than 60,000 Exchange servers exposed to the Internet remain vulnerable to attack using the ProxyNotShell RCE exploit. Meanwhile, thousands of people are waiting to be protected from attacks targeting two of the most exploited security flaws of 2021.
Most used methods of ransomware:
Other ransomware operators are also switching to malicious ads, or using them to deliver malware loaders and downloaders that help push many other malware strains such as ransomware and information stealers.
For example, the threat actor tracked as DEV-0569 is believed to have been an initial access broker for ransomware gangs, misusing Google Ads in large-scale ad campaigns to distribute malware, steal passwords from infected devices, and eventually gain access to an enterprise network.


2 Comments
Thank you for sharing detailed information on Ransomware Threatens
You can read more about AI, Crypto & Blockchain on apps for startup
You're welcome