
    Microsoft: 52% of Cyberattacks Driven by Ransomware and Extortion

    Key Takeaways:

    • Over half of global cyberattacks are now motivated by extortion and ransomware.
    • Legacy security systems are failing against AI-driven and supply chain threats.
    • Microsoft urges organizations to adopt modern, AI-powered defenses and a “Zero Trust” mindset.

    Microsoft has found that over half of all cyberattacks are now fueled by extortion and ransomware. As AI-powered threats surge and supply chain risks escalate, organizations can no longer rely on outdated defenses to stay secure.

    In its sixth annual Digital Defense Report, Microsoft says that it processes 100 trillion security signals daily, blocks 4.5 million malware files, and screens 5 billion emails for threats. Moreover, espionage-related attacks now account for only 4%, which indicates how profit-driven cybercrime has become the dominant threat.

    “That’s at least 52% of incidents fueled by financial gain, while attacks focused solely on espionage made up just 4%,” explained Amy Hogan-Burney, CVP for customer security and trust. “Nation-state threats remain a serious and persistent threat, but most of the immediate attacks organizations face today come from opportunistic criminals looking to make a profit.”

    Microsoft notes that essential public services, such as hospitals, municipalities, and emergency response systems, are prime targets due to outdated systems and limited budgets. These organizations often rely on legacy systems that lack modern security features, which makes them attractive targets for attackers.

    According to Microsoft, China, Iran, and Russia continue to intensify their state-sponsored cyber operations, each with different strategies and targets. China is focusing on widespread industrial espionage attacks that are increasingly infiltrating NGOs through stealthy networks and exploiting internet-facing vulnerabilities.

    Meanwhile, Iran is targeting sectors from the Middle East to North America (such as logistics and shipping firms) to gain long-term access to sensitive commercial data. Russia has also started aiming at small businesses based in countries that support Ukraine. These small businesses are more vulnerable compared to larger organizations.

    North Korea is focusing its cyber efforts on generating revenue and gathering intelligence. It’s leveraging a new tactic that involves thousands of regime-affiliated IT workers securing remote jobs globally and sending their earnings back to the government. In some cases, when these workers are exposed, they have resorted to extortion.

    Cybercriminals are leveraging artificial intelligence to create convincing phishing emails, automate malware creation, and evade traditional detection methods. AI allows attackers to scale their efforts and personalize attacks with unprecedented precision, which makes it harder for users and systems to distinguish between legitimate and malicious activity.

    To counter rising ransomware and AI-driven threats, Microsoft urges organizations to modernize defenses, train employees, and adopt a Zero Trust approach.

    1. Treat cybersecurity as a strategic priority

    Microsoft recommends that security be embedded into the organization’s core strategy. Leaders should integrate cybersecurity into business planning, risk management, and operational resilience to stay ahead of evolving threats.

    2. Invest in people and culture

    IT teams should prioritize training and upskilling their workforce to ensure security awareness within the organization. They should build a culture where cybersecurity is everyone’s responsibility to reduce human error and strengthen overall defenses.

    3. Modernize security infrastructure

    Microsoft has warned that legacy systems are increasingly vulnerable. IT teams should adopt modern, AI-enhanced security tools and frameworks like Zero Trust to better detect, prevent, and respond to threats.

    4. Build resilience and assume breach

    Organizations should prepare for inevitable breaches by having robust incident response plans, regularly testing recovery procedures, and monitoring key metrics like patch latency and multifactor authentication (MFA) coverage.

    5. Leverage AI defensively

    Administrators must use AI to automate threat detection, validate alerts, and accelerate response times within enterprise environments. This AI-powered approach can help to protect organizations against cyberattacks.

     
