Microsoft recently disclosed that they are monitoring over 100 different threat actors utilizing 50 unique ransomware families to attack businesses and organizations across the world. These attacks have been increasing in frequency, severity, and sophistication. The threat actors behind them are using a range of techniques to gain access to their targets, including exploiting unpatched software vulnerabilities, phishing attacks, and brute-force attacks against remote desktop protocol (RDP) endpoints.
In response to this growing threat, Microsoft suggests that defensive strategies should concentrate less on the payload and more on the sequence of events that lead to the ransomware’s deployment. Despite there being an overwhelming number of ransomware families at any given time, most threat actors employ the same tactics when carrying out their attacks, which go beyond phishing. Threat actors target servers and devices that have not yet deployed patches against common or recently known vulnerabilities, which is why swiftly patching vulnerabilities is crucial in preventing ransomware attacks.
Recently, Microsoft advised administrators to deploy the most recent Cumulative Update (CU) to secure on-premise Exchange servers and instructed users to remain prepared to install emergency security updates. More than 60K internet-exposed Exchange servers remain susceptible to attacks that take advantage of ProxyNotShell RCE exploits, while thousands of others still need protection from attacks targeting ProxyShell and ProxyLogon vulnerabilities, which were two of 2021’s most frequently exploited security flaws.
It is important to note that despite the number of attacks remaining steady, ransomware gangs’ income dropped by around 40% in 2022, as victims refused to pay ransom demands. While this is good news, it is important for businesses to remain vigilant and take steps to protect themselves against ransomware attacks. This includes regularly updating software, implementing strong passwords and multi-factor authentication, regularly backing up data and testing backups, and staying aware of new security vulnerabilities.
You can read more about this story at Bleeping Computer.
Click HERE to more about Alvaka’s Ransomware Prevention Services! We are available 24×7, 365 days a year, to assist you with any of your ransomware needs.
Latest Ransomware Related Blogs
Smoke testing is a term used to describe the testing process for servers after patches are applied. 
Estimating an average time for patching servers and PCs can be a bit tricky. It can vary from one month to the next, depending upon the number and complexity of the patches released by your software vendors. You must consider all versions of operating systems and have a complete inventory of all your application software to do this job correctly. Our experience has shown that manual patching of systems takes on average of about 1.5 hours each.
This is a basic cost calculator for you to compute your typical monthly cost for patching your servers, PCs, laptops, tablets and associated application software. It also forms the basis for you to begin calculating your Return on Investment for software patching, or for comparison with alternatives to the manual process of patching operating systems and application software—such as Patch Management as a Service, also known as Vulnerability Management as a Service.