How Microsoft Defender for Endpoint is redefining endpoint security
Learn why many CISOs prefer Microsoft Defender for Endpoint for comprehensive cyberthreat protection across devices and platforms.
Ransomware
Refine results
Topic
Products and services
Publish date
-
-
How cyberattackers exploit domain controllers using ransomware
Read how cyberattackers exploit domain controllers to gain privileged system access where they deploy ransomware that causes widespread damage and operational disruption. -
Storm-0501: Ransomware attacks expanding to hybrid cloud environments
August 27, 2025 update: Storm-0501 has continuously evolved to achieve sharpened focus on cloud-based TTPs as their primary objective shifted from deploying on-premises endpoint ransomware to using cloud-based ransomware tactics. -
Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption
Microsoft Security researchers have observed a vulnerability used by various ransomware operators to get full administrative access to domain-joined ESXi hypervisors and encrypt the virtual machines running on them. Retain Microsoft Security Experts
Microsoft Security Experts are now available to strengthen your team with managed security services. Learn how to defend against threats with security experts.
-
Automatic disruption of human-operated attacks through containment of compromised user accounts
User containment is a unique and innovative defense mechanism that stops human-operated attacks in their tracks. -
Malware distributor Storm-0324 facilitates ransomware access
The threat actor that Microsoft tracks as Storm-0324 is a financially motivated group known to gain initial access using email-based initial infection vectors and then hand off access to compromised networks to other threat actors. -
Storm-0978 attacks reveal financial and espionage motives
Microsoft has identified a phishing campaign conducted by the threat actor tracked as Storm-0978 targeting defense and government entities in Europe and North America. -
Stopping C2 communications in human-operated ransomware through network protection
Providing advanced protection against increasingly sophisticated human-operated ransomware, Microsoft Defender for Endpoint’s network protection leverages threat intelligence and machine learning to block command-and-control (C2) communications. Modernize your Security Operations Center with Microsoft Sentinel
Microsoft Sentinel is a cloud-native SIEM solution powered by AI and automation that delivers intelligent security analytics across your entire enterprise.
-
Gartner names Microsoft a Leader in the 2021 Endpoint Protection Platforms Magic Quadrant
We are so grateful to our customers who have collaborated with us in creating one of the best endpoint security solutions on the market and are thrilled that Gartner has recognized this work and the journey we’ve taken alongside our customers by naming Microsoft a Leader in the 2021 Endpoint Protection Platforms (EPP) Magic Quadrant, positioned highest on ability to execute. -
World Backup Day is as good as any to back up your data
In today’s security landscape, there are more threats to data than ever before.
