Microsoft details threat actors techniques for deploying ransomware

Last year, over 100 threat actors carried out ransomware attacks, and the number of active ransomware families used in attacks surpassed 50, with Microsoft security teams tracking each and every one of them.

Microsoft claims that while threat actors continue to rely on phishing for initial access, they have become more reliant on other techniques. The use of malvertising to surface links leading to various first-stage malware that eventually deliver ransomware or other payloads is one of the most common.

In 2022, the most popular ransomware payloads were LockBit Black, BlackCat/ALPHV, Vice Society, Black Basta, Play, and Royal, says Microsoft. It goes on to say that the threat actor DEV-0569, uses malicious ads to distribute Batloader, which then delivers post-exploitation tooling associated with DEV-0846, resulting in the deployment of Royal ransomware.

However, Microsoft stated that defense strategies should prioritize activity chains prior to deployment rather than payloads themselves, in light of the persistent targeting of unpatched servers and devices to facilitate attacks.

Such a technique was observed in the exploitation of Exchange Servers vulnerable to recently patched flaws by DEV-0671 and DEV-0882 in order to enable the deployment of the Cuba and Play ransomware. It used newly patched vulnerabilities, including those in Exchange Server, to deploy the Play and Cuba ransomware, highlighting the importance of applying security patches as soon as possible.

In conclusion, Microsoft says; “Even as they evolve, ransomware attacks continue to rely on common security weaknesses that allow them to succeed. Get insights and guidance for defending against ransomware attacks.”

The sources for this piece include an article in BleepingComputer.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web