Microsoft Says More Than 100 Ransomware Groups and 50 Families Under Watch by Security Intelligence Network

Microsoft has revealed that its security workforce is tracking more than 100 ransomware actors and at least 50 different ransomware families actively in use through 2022. This includes significant threats from programs with names like LockBit Black, Play, Vice Society, Black Basta, and more. The big tech company made these revelations and more in a January 31 Twitter thread from its Microsoft Security Intelligence account, which represents its security networks.

Become a Subscriber

Please purchase a subscription to continue reading this article.

Subscribe Now

The Microsoft Security Intelligence account added that defense strategies should focus on “the chain of activities that lead to their deployment,” because attackers target servers and devices that aren’t yet protected from common or recent vulnerabilities. Although new ransomware families are always around the corner, most use the same tactics to infect networks, making detection of such activities invaluable. And these threats have moved beyond phishing, with recent actors taking advantage of vulnerabilities in Microsoft Exchange Server to attack defenseless servers.

While cybersecurity threats continue to exploit weaknesses, more companies are standing up against their attackers’ financial demands, bringing illicit revenues down after a record-breaking bounty of $756 million in 2021. Also, in 2022, an international law enforcement operation, including the FBI, U.S. Department of Justice, and Interpol, took down the Hive ransomware group.