Microsoft has shared details of its work on ransomware. As of the end of 2022, its specialists were tracking more than a hundred groups and fifty malware strains that those groups deploy. Interestingly, attackers are gradually moving away from phishing and switching to other methods of compromising systems.
The most active groups use malicious advertising, including abuse of Google Ads. Others deliver malware under the guise of updates via FakeUpdates. Still others rely entirely on fresh vulnerabilities: for example, Cuba and Play use Exchange Server exploits as their attack vector. Meanwhile, more than 60,000 servers are still not patched for ProxyNotShell, and thousands are still unpatched for ProxyShell and even ProxyLogon. Well, really, why roll out patches when you can just pay a couple of million in ransom?