Microsoft Security

Cyber Signals: Defend against the new ransomware landscape

Today, Microsoft is excited to publish our second edition of Cyber Signals, spotlighting security trends and insights gathered from Microsoft’s 43 trillion security signals and 8,500 security experts. In this edition, we pull back the curtain on the evolving cybercrime economy and the rise of ransomware-as-a-service (RaaS). Instead of relying on what cybercriminals say about themselves through extortion attempts, forum posts, or chat leaks, Microsoft threat intelligence gives us visibility into threat actors’ actions.

RaaS is often an arrangement between an operator, who develops and maintains the malware and attack infrastructure necessary to power extortion operations, and “affiliates” who sign on to deploy the ransomware payload against targets. Affiliates purchase initial access from brokers or hit lists of vulnerable organizations, such as those with exposed credentials or those that already have malware footholds on their networks. Cybercriminals then use these footholds as a launchpad to deploy a ransomware payload against targets.

RaaS dramatically lowers the barrier to entry for attackers while obfuscating those behind initial access brokering, infrastructure, and ransoming. Because RaaS actors sell their expertise to anyone willing to pay, budding cybercriminals without the technical prowess required to use backdoors or invent their own tools can simply access a victim by using ready-made penetration testing and system administrator applications to perform attacks.

The endless list of stolen credentials available online means that without basic defenses like multifactor authentication (MFA), organizations are at a disadvantage in combating ransomware’s infiltration routes before the malware deployment stage. Once it’s widely known among cybercriminals that access to your network is for sale, RaaS threat actors can create a commoditized attack chain, allowing themselves and others to profit from your vulnerabilities.

While many organizations consider it too costly to implement enhanced security protocols, security hardening actually saves money. Not only will your systems become more secure, but your organization will spend less on security costs and less time responding to threats, leaving more time to focus on incoming incidents.

Businesses are experiencing an increase in both the volume and sophistication of cyberattacks. The Federal Bureau of Investigation’s 2021 Internet Crime Report found that the cost of cybercrime in the United States totaled more than USD 6.9 billion.[1] The European Union Agency for Cybersecurity (ENISA) reports that between May 2021 and June 2022, about 10 terabytes of data were stolen each month by ransomware threat actors, with 58.2 percent of stolen files including employees’ personal data.[2]

It takes new levels of collaboration to meet the ransomware challenge. The best defenses begin with clarity and prioritization, which means more sharing of information across and between the public and private sectors and a collective resolve to help each other make the world safer for all. At Microsoft, we take that responsibility to heart because we believe security is a team sport. You can explore the latest cybersecurity insights and updates at our threat intelligence hub, Security Insider.

With a broad view of the threat landscape, informed by 43 trillion threat signals analyzed daily and combined with the human intelligence of our more than 8,500 experts (threat hunters, forensics investigators, malware engineers, and researchers), we see first-hand what organizations are facing, and we’re committed to helping you put that information into action to pre-empt and disrupt extortion threats.


[1] Internet Crime Report, Federal Bureau of Investigation. 2021.

[2] Ransomware: Publicly Reported Incidents are only the tip of the iceberg, European Union Agency for Cybersecurity. July 29, 2022.