Over 100 different cybercriminal groups are actively carrying out ransomware attacks, deploying over 50 different ransomware families to encrypt networks and demand ransom payment for decryption keys.
Analysis from Microsoft Security Intelligence notes that some of the most prominent ransomware in recent attacks includes LockBit, BlackCat, Vice Society and Royal.
Attacks are also facilitated by ransomware as a service (RaaS) schemes provided by ransomware groups, which allow cybercriminals who have not developed their own ransomware to take part.
Access to RaaS schemes is sold on underground forums, providing aspiring ransomware attackers with all the tools they need to carry out and manage their attacks and extort ransom payments. Ransomware authors often receive a portion of the ransom money that attackers receive.
Some of the most devastating ransomware attacks are carried out by attackers using affiliate schemes, including affiliates of Conti and LockBit ransomware.
According to Microsoft, phishing attacks are the most common means by which attackers gain initial access to a network.
By targeting usernames and passwords with phishing emails and brute-force attacks, cybercriminals can use legitimate credentials to gain access to the network, which reduces suspicion. Gaining access this way has become easier for cybercriminals since the rise of hybrid and remote work.
Attackers may even use compromised accounts to carry out phishing attacks against other users and to move within the network. Eventually they trigger the encryption process, locking files and servers and demanding a ransom payment.
But while phishing is the most common method used by ransomware gangs to gain access to networks, it’s not the only one.
For example, Microsoft highlights malvertising in the early stages of an attack: cybercriminals buy online advertisements (usually to promote bogus software downloads) that infect users with Trojan malware, which the attackers then use to distribute ransomware.
Cybercriminal affiliates using Royal ransomware have been observed using this technique to deliver payloads.
Fake software updates have also become a popular means of delivering ransomware. These false warnings claiming that you need to update your software usually come from malicious links or drive-by downloads (downloads that happen in the background without your knowledge).
The purpose of false update alerts is to scare victims into downloading malware. Victims believe they are doing the right thing to protect their systems.
Cybercriminals also use proven methods, such as exploiting unpatched cybersecurity vulnerabilities, to access networks.
“Even as ransomware attacks evolve, they continue to rely on common security weaknesses that enable their success,” Microsoft said, recommending that computers and networks be kept up to date with the latest security patches to prevent cybercriminals from exploiting known vulnerabilities to gain access to the network.
It is also important to download security updates only from official sources to avoid the possibility of bogus software updates infecting you with ransomware.
Meanwhile, organizations can prevent phishing attacks by ensuring their accounts are secure, with a strong, preferably unique password and with multi-factor authentication (MFA) protecting the account.
This extra layer of protection helps prevent access to your account, even if an attacker has access to the correct username and password.