Skip to main content
Microsoft Security

Ransomware

Ransomware as a service ecosystems make it easier for attackers of any skill to launch effective attacks. Learn how these threats work—and how to detect, contain, and recover from them.

Refine Results

Filtered by

Clear All

Refine results

Sort By
Content Type
Best practices (0)
Events (0)
Industry trends (0)
News (0)
Research (47)
Topic
AI and machine learning (1)
Analyst reports (0)
Built-in security (0)
Cloud security (0)
Compliance (0)
Data protection (0)
Data security (0)
Device management (0)
Email security (1)
Endpoint security (2)
Identity and access management (1)
Incident response (6)
Information protection and governance (0)
Internet of Things (IoT) security (0)
Microsoft Secure Future Initiative (0)
MISA (0)
Multifactor authentication (0)
Network security (0)
Office of the CISO (0)
Privacy (0)
Risk management (0)
Secure remote work (0)
Security management (0)
Security operations (0)
SIEM and XDR (0)
Small and medium business (0)
Threat intelligence (48)
Threat trends (1)
Zero Trust (0)
Products and services
Microsoft Defender (14)
Microsoft Defender External Attack Surface Management (0)
Microsoft Defender Threat Intelligence (6)
Microsoft Defender Vulnerability Management (2)
Microsoft Defender XDR (10)
Microsoft Defender for Business (0)
Microsoft Defender for Cloud (1)
Microsoft Defender for Cloud Apps (2)
Microsoft Defender for Endpoint (12)
Microsoft Defender for Identity (4)
Microsoft Defender for IoT (0)
Microsoft Defender for Office 365 (0)
Microsoft Entra (0)
Microsoft Entra External ID (0)
Microsoft Entra ID (0)
Microsoft Entra ID Governance (0)
Microsoft Entra ID Protection (0)
Microsoft Entra Internet Access (0)
Microsoft Entra Private Access (0)
Microsoft Entra Verified ID (0)
Microsoft Entra Workload ID (0)
Microsoft Intune (0)
Microsoft Priva (0)
Microsoft Priva Risk Management (0)
Microsoft Priva Subject Rights Requests (0)
Microsoft Purview (0)
Microsoft Purview Audit (0)
Microsoft Purview Communication Compliance (0)
Microsoft Purview Compliance Manager (0)
Microsoft Purview Data Lifecycle Management (0)
Microsoft Purview Data Loss Prevention (0)
Microsoft Purview Information Protection (0)
Microsoft Purview Insider Risk Management (0)
Microsoft Purview eDiscovery (0)
Microsoft Security Copilot (0)
Microsoft Security Experts (3)
Microsoft Defender Experts for Hunting (2)
Microsoft Defender Experts for XDR (0)
Microsoft Incident Response (2)
Microsoft Security Services for Enterprise (0)
Microsoft Sentinel (6)
Publish date

  • Simplify endpoint management with Microsoft Intune

    Microsoft Intune is a cloud-based unified endpoint management platform that empowers IT to manage, assess, and protect apps and devices.

    Learn more
  • CISO (chief information security officer) collaborating in a security operations center.
    • 15 min read

    The many lives of BlackCat ransomware

    The use of an unconventional programming language, multiple target devices and possible entry points, and affiliation with prolific threat activity groups have made the BlackCat ransomware a prevalent threat and a prime example of the growing ransomware-as-a-service (RaaS) gig economy.
  • Photo of Microsoft Cyber Defense Operations Center with the word "Protect" in the foreground.
    • 7 min read

    Improving AI-based defenses to disrupt human-operated ransomware

    To disrupt human-operated ransomware attacks as early as possible, we enhanced the AI-based protections in Microsoft Defender for Endpoint with a range of specialized machine learning techniques that swiftly identify and block malicious files, processes, or behavior observed during active attacks.
  • Photo of rusty metal materials
    • 16 min read

    Hive ransomware gets upgrades in Rust

    With its latest variant carrying several major upgrades, Hive proves it’s one of the fastest evolving ransomware payload, exemplifying the continuously changing ransomware ecosystem.
  • Data center illuminated with a bluish light. Yellow cords running on the servers are prominently displayed.
    • 8 min read

    New “Prestige” ransomware impacts organizations in Ukraine and Poland

    The Microsoft Threat Intelligence Center (MSTIC) has identified evidence of a novel ransomware campaign attributed to IRIDIUM targeting organizations in the logistics and transportation industry in Ukraine and Poland utilizing a previously unidentified ransomware payload.
  • Practitioner and CISO collaboration in a security war room.
    • 13 min read

    Defenders beware: A case for post-ransomware investigations

    The Microsoft Detection and Response Team (DART) details a recent ransomware incident in which the attacker used a collection of commodity tools and techniques, such as using living-off-the-land binaries, to launch their malicious code.
Load More

Get started with Microsoft Security

Protect your people, data, and infrastructure with AI-powered, end-to-end security from Microsoft.

Learn how

Connect with us on social