More than 100 different cyber-criminal gangs are actively conducting ransomware attacks, deploying over 50 different ransomware families in campaigns that see them encrypt networks and demand a ransom payment for the decryption key.
The attacks are also being helped along by ransomware groups offering ransomware-as-a-service (RaaS) schemes, which enable cyber criminals who don't develop their own ransomware to get in on the action.
Access to RaaS schemes is sold on underground forums, providing aspiring ransomware attackers with all the tools they need to conduct and manage attacks and extort ransom payments. In many cases, the author of the ransomware takes a cut of any ransom payments the attackers receive.
Some of the most disruptive ransomware attacks have been carried out by attackers using affiliate schemes, with high-profile attacks involving the likes of Conti and LockBit ransomware being conducted by affiliates.
According to Microsoft, phishing attacks are the most common means of attackers gaining initial access to networks.
The attackers can move around the network, potentially even using the compromised account to conduct phishing attacks against other users, gaining the permissions and control required to compromise as much of the network with ransomware as possible. Eventually they trigger the encryption process, locking files and servers, and demand a ransom payment.
But while phishing is the most common method used by ransomware gangs to access networks, it isn't the only one.
For example, Microsoft warns about the rise of malvertising as the initial stage of attacks, where cyber criminals buy online adverts -- commonly to promote false software downloads -- which, if downloaded and installed, will infect the user with trojan malware that the attackers then use to distribute ransomware.
Cyber-criminal affiliates using Royal ransomware have been seen using malvertising to deliver the payload.
Fake software updates have also become a common means of delivering ransomware. These false warnings, which claim your software needs to be updated, typically come from malvertising links or drive-by downloads -- downloads that happen in the background without the user knowing.
"Even as they evolve, ransomware attacks continue to rely on common security weaknesses that allow them to succeed," said Microsoft, which recommends that computers and networks should be updated with the latest security patches as a matter of urgency to prevent cyber criminals from exploiting known vulnerabilities to access networks.
It's also important that security updates are only downloaded from official sources, to avoid the possibility of a fake software update infecting your computer with ransomware.