Date: August 23
Title: Ransomware: Most attacks exploit these common cybersecurity mistakes – so fix them now, warns Microsoft
Over 80% of ransomware incidents can be traced back to misconfigured cloud services, untested security tools, and the enablement of macros.
The vast majority of ransomware attacks begin with cyber criminals exploiting common cybersecurity errors, which – if correctly managed – could prevent most victims from falling prey to attacks. Microsoft found that over 80% of ransomware attacks can be traced to common configuration errors in software and devices.
Microsoft warns that this process has been helped along by the growth of the ransomware-as-a-service (RaaS) ecosystem, which allows attackers who lack the technical expertise to create and develop their ransomware to conduct attacks and extort ransom payments.
Applications are left in their default state, allowing user-wide access across the network. Security tools are being left untested or misconfigured. Cloud applications are set up in a way that can quickly enable unauthorized intruders to gain access—not applying Microsoft’s attack surface reduction rules, which allows attackers to run malicious code using macros and scripts.
What to do?
• Maintain clean current backups
• Verify that cybersecurity tools and procedures are configured correctly.
• Disable macros and other scripts that are commonly exploited to execute malicious code.
• Use multi-factor authentication.
• Apply security patches and updates as quickly as possible.
What can you do when this happens to you?
• If you find your network has been compromised, immediately shut down.
• Identify the breach and any virus or malware present.
• Identify any data which might have been compromised or stolen and inform appropriate parties.
• Rebuild the network from a known clean backup
Danny Palmer, Senior Writer
Ransomware: Most attacks exploit these common cybersecurity mistakes – so fix them now, warns Microsoft | ZDNET