How Security Professionals Can Stay Ahead Of Ransomware – Microsoft


The “as a service” business model has gained widespread popularity as growing cloud adoption has made it possible for people to access important services through third-party providers. Given the convenience and agility of service offerings, perhaps it shouldn’t be surprising that the “as a service” model is being used by cybercriminals for nefarious purposes.
Ransomware as a service (RaaS) involves cybercriminals purchasing and selling access to ransomware payloads, leaked data, RaaS “kits,” and many other tools on the dark web. We explore this topic in the second edition of Cyber Signals, Microsoft’s quarterly brief that shines a spotlight on threat topics informed by our 43 trillion signals of data and research by more than 8,500 security experts. It’s one of the many resources available on Microsoft Security Insider, a site where you’ll find the latest cybersecurity insights and threat intelligence updates.
At Microsoft, we have been tracking the trend of human-operated ransomware. These threats are driven by humans who make decisions at every stage of the attack, making them particularly impactful and destructive to organizations. RaaS operations, such as REvil and the now-shutdown Conti, have the malware attack infrastructure and even stolen organizational data necessary to power ransomware activities. They then make these tools available on the dark web for a fee. Affiliates purchase these RaaS kits and deploy them in company environments. Like legitimate “as a service” offerings, RaaS may even include customer service support, bundled offers, and user review forums.
In more than 80 percent of ransomware attacks, the cybercriminals exploited common configuration errors in software and devices, which can be remedied by following security best practices. This means that ransomware actors are not using novel techniques. The same guidance around timely patching, credential hygiene, and a thorough review of changes to software and system settings and configurations can make a difference in an organization’s resilience to these attacks. The other challenge is that some actors have opted to forgo the ransomware payload. They exfiltrate the victim organization’s data and extort money by threatening to release the data or sell it on the dark web.
As a result, companies that limit their hunting efforts to looking for signs of just the ransomware payload are at a greater risk of a successful breach and extortion. Finally, the ease of RaaS for cybercriminals means it is highly likely to remain a challenge for organizations worldwide.
Cybercrime—including ransomware, business email compromise schemes, and the criminal use of cryptocurrency—comes at a significant cost. The Federal Bureau of Investigation’s 2021 Internet Crime Report found that potential losses exceeded USD 6.9 billion in 2021.[1]
In the European Union, the European Union Agency for Cybersecurity (ENISA) reported that about 10 terabytes of data were stolen each month by ransomware threat actors between May 2021 and June 2022, and a whopping 58.2 percent of that stolen data involved employees’ personal information.[2]
Ransomware as a service offers a few advantages to cybercriminals:
Microsoft gains deep insights into the ever-evolving threat landscape and threat actors by analyzing more than 43 trillion threat signals daily and leveraging the unique skills of more than 8,500 experts—threat hunters, forensics investigators, malware engineers, and researchers supporting our threat intelligence community and customers. These experts specialize in dedicated areas, such as vulnerabilities, threat actors, ransomware, supply chain risk, social engineering, and geopolitical issues.
Microsoft focuses on gathering intelligence about these cybercriminals’ behaviors, tactics, tools, and techniques to truly understand the end-to-end scope of their attacks and operations. We believe cybersecurity intelligence should be shared broadly. You can see our insights in our security intelligence blogs, the Microsoft Digital Defense Report, and Cyber Signals, our quarterly briefing, which can be found on Security Insider, our source for threat insights and guidance.
We understand that managing the myriad tasks necessary to grow a business gives organizations precious little time to stay updated on the latest security threats, let alone to preempt and disrupt extortion threats. We are committed to sharing the threat insights we have gathered with the cybersecurity community to help organizations secure their employees, customers, and partners. We are all cybersecurity defenders. Together, we can stay ahead of these threats.
Because cybercriminals rely on security vulnerabilities they can exploit, companies can help block attackers by investing in integrated threat protection across devices, identities, apps, email, data, and the cloud. Here are three major strategies to help protect your environment from RaaS attacks:
You can find more in-depth security guidance in Cyber Signals and Security Insider.
A great security posture starts with understanding the threat landscape. Microsoft remains deeply committed to partnering with our entire community on sharing intelligence and building a safer world for all together. 
To stay up-to-date on ransomware as a service and other threat insights and guidance, bookmark Microsoft Security Insider.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.
[1] Internet Crime Report, Federal Bureau of Investigation. 2021.
[2] Ransomware: Publicly Reported Incidents are only the tip of the iceberg, European Union Agency for Cybersecurity. July 29, 2022.
Microsoft is a leader in cybersecurity, and we embrace our responsibility to make the world a safer place.

