Ransomware remains one of the most impactful threats to organizations today, and it only continues to evolve through ransomware as a service ecosystems, which enable more cybercriminals, regardless of technical expertise, to deploy ransomware.
Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for many organizations across multiple industries.
User containment is a unique and innovative defense mechanism that stops human-operated attacks in their tracks. We’ve added user containment to the automatic attack disruption capability in Microsoft Defender for Endpoint. User containment is automatically triggered by high-fidelity signals and limits attackers’ ability to move laterally within a network regardless of the compromised account’s Active Directory state or privilege level.
The threat actor that Microsoft tracks as Storm-0324 is a financially motivated group known to gain initial access using email-based initial infection vectors and then hand off access to compromised networks to other threat actors. These handoffs frequently lead to ransomware deployment. Beginning in July 2023, Storm-0324 was observed distributing payloads using an open-source tool […]
Microsoft has identified a phishing campaign conducted by the threat actor tracked as Storm-0978 targeting defense and government entities in Europe and North America. The campaign involved the abuse of CVE-2023-36884, which included a zero-day remote code execution vulnerability exploited via Microsoft Word documents.
In a recent investigation by Microsoft Incident Response of a BlackByte 2.0 ransomware attack, we found that the threat actor progressed through the full attack chain, from initial access to impact, in less than five days, causing significant business disruption for the victim organization.
Go beyond data protection with Microsoft Purview
Govern, protect, and manage all of your data with Microsoft Purview, comprehensive solutions to help give you better visibility and control.
Providing advanced protection against increasingly sophisticated human-operated ransomware, Microsoft Defender for Endpoint’s network protection leverages threat intelligence and machine learning to block command-and-control (C2) communications.
Microsoft has discovered recent activity indicating that the Raspberry Robin worm is part of a complex and interconnected malware ecosystem, with links to other malware families and alternate infection methods beyond its original USB drive spread.
In recent months, Microsoft has detected active ransomware and extortion campaigns impacting the global education sector, particularly in the US, by a threat actor we track as DEV-0832, also known as Vice Society.
The Microsoft Detection and Response Team (DART) details a recent ransomware incident in which the attacker used a collection of commodity tools and techniques, such as using living-off-the-land binaries, to launch their malicious code.
Tailored AI insights from Microsoft Security Copilot
Empower your defenders to detect hidden patterns, harden defenses, and respond to incidents faster with generative AI.
The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign attributed to IRIDIUM targeting organizations in the logistics and transportation industry in Ukraine and Poland utilizing a previously unidentified ransomware payload.