ransomware
November 17, 2022
• 7 min read
DEV-0569 finds new ways to deliver Royal ransomware, various payloads
DEV-0569’s recent activity shows their reliance on malvertising and phishing in delivering malicious payloads. The group’s changes and updates in delivery and payload led to distribution of info stealers and Royal ransomware.
November 3, 2022
• 6 min read
Stopping C2 communications in human-operated ransomware through network protection
Providing advanced protection against increasingly sophisticated human-operated ransomware, Microsoft Defender for Endpoint’s network protection leverages threat intelligence and machine learning to block command-and-control (C2) communications.
October 27, 2022
• 15 min read
Raspberry Robin worm part of larger ecosystem facilitating pre-ransomware activity
Microsoft has discovered recent activity indicating that the Raspberry Robin worm is part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread.
October 25, 2022
• 10 min read
DEV-0832 (Vice Society) opportunistic ransomware campaigns impacting US education sector
In recent months, Microsoft has detected active ransomware and extortion campaigns impacting the global education sector, particularly in the US, by a threat actor we track as DEV-0832, also known as Vice Society.
October 18, 2022
• 13 min read
Defenders beware: A case for post-ransomware investigations
The Microsoft Detection and Response Team (DART) details a recent ransomware incident in which the attacker used a collection of commodity tools and techniques, such as using living-off-the-land binaries, to launch their malicious code.
October 14, 2022
• 8 min read
New “Prestige” ransomware impacts organizations in Ukraine and Poland
The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign attributed to IRIDIUM targeting organizations in the logistics and transportation industry in Ukraine and Poland utilizing a previously unidentified ransomware payload.
September 7, 2022
• 11 min read
Profiling DEV-0270: PHOSPHORUS’ ransomware operations
Microsoft threat intelligence teams have been tracking multiple ransomware campaigns tied to DEV-0270, also known as Nemesis Kitten, a sub-group of Iranian actor PHOSPHORUS.
August 24, 2022
• 10 min read
Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks
Threat actors evade detection by adopting the Sliver command-and-control (C2) framework in intrusion campaigns.
July 14, 2022
• 13 min read
North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware
A group of actors originating from North Korea that MSTIC tracks as DEV-0530 has been developing and using ransomware in attacks since June 2021. This group, which calls itself H0lyGh0st, utilizes a ransomware payload with the same name.
July 5, 2022
• 16 min read
Hive ransomware gets upgrades in Rust
With its latest variant carrying several major upgrades, Hive proves it’s one of the fastest-evolving ransomware payloads, exemplifying the continuously changing ransomware ecosystem.