{"id":5778,"date":"2024-10-15T08:00:00","date_gmt":"2024-10-15T13:00:00","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=82098"},"modified":"2024-10-15T08:00:00","modified_gmt":"2024-10-15T13:00:00","slug":"ransomware-encryption-down-amid-surge-of-attacks-microsoft-says","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/10\/15\/ransomware-encryption-down-amid-surge-of-attacks-microsoft-says\/","title":{"rendered":"Ransomware encryption down amid surge of attacks, Microsoft says"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v21.7 (Yoast SEO v21.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>Ransomware encryption down amid surge of attacks, Microsoft says | CyberScoop<\/title> <meta name=\"description\" content=\"The company reported a 300% drop in ransomware attacks that made it to the encryption stage over the past two years.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/ransomware-encryption-down-attacks-up-nation-state-crime\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Ransomware encryption down amid surge of attacks, Microsoft says\"> <meta property=\"og:description\" content=\"The company reported a 300% drop in ransomware attacks that made it to the encryption stage over the past two years.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/ransomware-encryption-down-attacks-up-nation-state-crime\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-10-15T13:00:00+00:00\"> <meta property=\"article:modified_time\" content=\"2024-10-11T14:29:57+00:00\"> <meta 
property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/ransomware-encryption-down-amid-surge-of-attacks-microsoft-says-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"AJ Vicens\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@AJVicens\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1725982252g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1728928691g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1728958503g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=ada0ad45b21fc79c6694\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/82098\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta 
name=\"generator\" content=\"WordPress 6.6.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=82098\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fransomware-encryption-down-attacks-up-nation-state-crime%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fransomware-encryption-down-attacks-up-nation-state-crime%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-82098 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/ransomware-encryption-down-attacks-up-nation-state-crime\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" 
readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.112947658402\">\n<div class=\"single-article__header-content\" readability=\"30.175675675676\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/threats\/cybercrime\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> The company reported a 300% drop in ransomware attacks that made it to the encryption stage over the past two years. 
<\/p>\n<p> <!-- Listen to this article section --> <!-- End of audio player --> <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/ransomware-encryption-down-amid-surge-of-attacks-microsoft-says.jpg?resize=640%2C426&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/ransomware-encryption-down-amid-surge-of-attacks-microsoft-says-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/ransomware-encryption-down-amid-surge-of-attacks-microsoft-says-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/ransomware-encryption-down-amid-surge-of-attacks-microsoft-says-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/ransomware-encryption-down-amid-surge-of-attacks-microsoft-says-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/ransomware-encryption-down-amid-surge-of-attacks-microsoft-says-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/ransomware-encryption-down-amid-surge-of-attacks-microsoft-says-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/ransomware-encryption-down-amid-surge-of-attacks-microsoft-says-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/ransomware-encryption-down-amid-surge-of-attacks-microsoft-says-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/ransomware-encryption-down-amid-surge-of-attacks-microsoft-says-2.jpg?resize=1013,675 1013w, 
https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/ransomware-encryption-down-amid-surge-of-attacks-microsoft-says-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> NEW YORK, NY &#8211; Exterior view of the Microsoft Times Square building on January 29, 2023 in New York City. (Photo by Kena Betancur\/VIEWpress) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"42.515136097685\"><body readability=\"85.574153680817\"><\/p>\n<p>The number of ransomware attacks that reach the encryption stage dropped 300% over the past two years, due in large part to automatic attack disruption technologies, according to a report out Tuesday from Microsoft.&nbsp;<\/p>\n<p>The findings \u2014&nbsp;which come as part of Microsoft\u2019s fifth annual Digital Defense Report analyzing trends between June 2022 and July 2023 \u2014 come amid the company observing a 275% year-over-year increase in ransomware-related attacks.&nbsp;<\/p>\n<p>The decrease in attacks reaching the encryption stage represents a \u201csuccess story\u201d in the fight against a dynamic ransomware ecosystem, Tom Burt, Microsoft\u2019s corporate vice president of customer security and trust, told reporters ahead of the report\u2019s release.<\/p>\n<p>With improved defenses and better recovery technologies enabling companies to refuse ransom payments, attackers are more likely to steal data and threaten to release it, a trend that has increasingly <a href=\"https:\/\/www.sentinelone.com\/blog\/ransoms-without-ransomware-data-corruption-and-other-new-tactics-in-cyber-extortion\/\">played<\/a> out over the past <a href=\"https:\/\/www.theregister.com\/2022\/06\/25\/ransomware_gangs_extortion_feature\/\">couple of years<\/a>.&nbsp;<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> 
<\/div>\n<\/div>\n<p>The ransomware problem highlights the overlap between nation-state activities and financially driven cybercrime, Burt said, a problem enhanced both by countries using such operations to generate money and by countries that do very little, if anything, to crack down on cybercrime emanating from within their borders.<\/p>\n<p>Russian state-aligned cyber operations, for instance, are increasingly integrating commodity malware into their operations and are in some cases outsourcing cyberespionage operations to criminal groups, according to the report.&nbsp;<\/p>\n<p>In June, for instance, a group Microsoft tracks as Storm-2049 \u2014&nbsp;which is tracked by the <a href=\"https:\/\/cert.gov.ua\/article\/6278521\">Ukrainians as UAC-0184<\/a> \u2014&nbsp;used Xworm and Remcos RAT commodity malware to compromise at least 50 Ukrainian military devices, according to the report.&nbsp;<\/p>\n<p>\u201cThere didn\u2019t appear to be any cyber criminal motivation for that activity,\u201d Burt said. 
\u201cWe suspect that it was done in collaboration with the Russian military operation to gather intelligence and gain access to these devices for purposes of espionage.\u201d&nbsp;<\/p>\n<p>Another group, tracked as Storm-0593 by Microsoft \u2014&nbsp;and others as <a href=\"https:\/\/attack.mitre.org\/groups\/G0047\/\">Gamaredon<\/a> \u2014&nbsp;and thought to be operated by the Russian Federal Security Service (FSB), handed off access to 34 compromised Ukrainian devices in June and July 2023 to a group known as \u201cInvisimole,\u201d which researchers have for years tracked as both a type of spyware and a group working with Gamaredon.&nbsp;<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Once Invisimole took over the devices, it established infrastructure linked to separate spearphishing attacks on Ukrainian military machines, Microsoft said, \u201csuggesting a pattern by Storm-0593 of supporting state intelligence collection objectives.\u201d<\/p>\n<p>The report also highlights an Iranian-backed group selling stolen data from an Israeli dating site through personas, as well as suspected North Korean operations deploying a custom ransomware variant known as <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2024\/05\/28\/moonstone-sleet-emerges-as-new-north-korean-threat-actor-with-new-bag-of-tricks\/\">FakePenny<\/a>, suggesting \u201cthe actor had objectives for both intelligence gathering and monetization of its access.\u201d<\/p>\n<p>Burt said that although the last year has included some positive collaboration with governments to take down cybercriminal activity and combat nation-state operations, \u201cthe problem is that it doesn\u2019t scale adequately to provide a real deterrence.\u201d<\/p>\n<p>\u201cThere seems to be virtually no consequence to these nation-state actions that we see not only continuing but escalating, both in their volume 
and sophistication, but also in their aggression,\u201d Burt said, pointing to the Chinese-linked activity targeting non-military critical infrastructure known as Volt Typhoon as an example. \u201cWe need the nation states of the world to do more to deter this activity. Private sector can\u2019t do that.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"1.2980769230769\">\n<div class=\"author-card\" readability=\"8\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/10\/ransomware-encryption-down-amid-surge-of-attacks-microsoft-says-1.jpg?w=640&#038;ssl=1\" alt=\"AJ Vicens\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by AJ Vicens<\/h4>\n<p> AJ covers nation-state threats and cybercrime. He was previously a reporter at Mother Jones. Get in touch via Signal\/WhatsApp: (810-206-9411). 
<\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" 
class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/ransomware-encryption-down-attacks-up-nation-state-crime\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ransomware encryption down amid surge of attacks, Microsoft says |<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[282,323,625,46,288],"tags":[286,327,630,54,294],"class_list":["post-5778","post","type-post","status-publish","format-standard","hentry","category-cybercrime","category-extortion","category-microsoft","category-ransomware","category-threats","tag-cybercrime","tag-extortion","tag-microsoft","tag-ransomware","tag-threats"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/extortion\/\" rel=\"category tag\">extortion<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/microsoft\/\" rel=\"category tag\">Microsoft<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category 
tag\">Threats<\/a>","tag_info":"Threats","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5778","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=5778"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5778\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=5778"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=5778"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=5778"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}