{"id":120614,"date":"2022-08-30T08:00:00","date_gmt":"2022-08-30T15:00:00","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?p=120614"},"modified":"2023-05-15T23:00:05","modified_gmt":"2023-05-16T06:00:05","slug":"cyber-signals-3-strategies-for-protection-against-ransomware","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/08\/30\/cyber-signals-3-strategies-for-protection-against-ransomware\/","title":{"rendered":"Cyber Signals: 3 strategies for protection against ransomware"},"content":{"rendered":"\n

<p>The \u201cas a service\u201d business model has gained widespread popularity as growing cloud adoption has made it possible for people to access important services through third-party providers. Given the convenience and agility of service offerings, perhaps it shouldn\u2019t be surprising that the \u201cas a service\u201d model is being used by cybercriminals for nefarious purposes.<\/p>\n\n\n\n

<p>Ransomware as a service (RaaS) involves cybercriminals purchasing and selling access to ransomware payloads, leaked data, RaaS \u201ckits,\u201d and many other tools on the dark web. We explore this topic in the second edition of Cyber Signals, Microsoft\u2019s quarterly brief that shines a spotlight on threat topics informed by our 43 trillion signals of data and research by more than 8,500 security experts. It\u2019s one of the many resources available on Microsoft Security Insider, a site where you\u2019ll find the latest cybersecurity insights and threat intelligence updates.<\/p>\n\n\n\n

<p>At Microsoft, we have been tracking the trend of human-operated ransomware. These threats are driven by humans who make decisions at every stage of the attack, making them particularly impactful and destructive to organizations. RaaS operations, such as REvil and the now-shutdown Conti, have the malware attack infrastructure and even stolen organizational data necessary to power ransomware activities. They then make these tools available on the dark web for a fee. Affiliates purchase these RaaS kits and deploy them in company environments. Like legitimate \u201cas a service\u201d offerings, RaaS may even include customer service support, bundled offers, and user review forums.<\/p>\n\n\n\n

<h2>Ransomware as a service: Appealing to cybercriminals, challenging for companies<\/h2>\n\n\n\n

<p>In more than 80 percent of ransomware attacks, the cybercriminals exploited common configuration errors in software and devices, which can be remedied by following security best practices. This means that ransomware actors are not using any novel techniques. The same guidance around timely patching, credential hygiene, and a thorough review of changes to software and system settings and configurations can make a difference in an organization\u2019s resilience to these attacks. The other challenge is that some actors have opted to forgo the ransomware payload. They exfiltrate the victim organization\u2019s data and extort money by threatening to release their data or sell it on the dark web.<\/p>\n\n\n\n

<p>As a result, companies that limit their hunting efforts to looking for signs of just the ransomware payload are at a greater risk of a successful breach and extortion. Finally, the ease of RaaS for cybercriminals means it is highly likely to remain a challenge for organizations worldwide.<\/p>\n\n\n\n

<blockquote><p>Cybercrime\u2014including ransomware, business email compromise schemes, and the criminal use of cryptocurrency\u2014comes at a significant cost. The Federal Bureau of Investigation\u2019s 2021 Internet Crime Report found that potential losses exceeded USD6.9 billion in 2021.<sup>1<\/sup><\/p>

<p>In the European Union, the European Union Agency for Cybersecurity (ENISA) reported that about 10 terabytes of data were stolen each month by ransomware threat actors between May 2021 and June 2022, and a whopping 58.2 percent of that stolen data involved employees\u2019 personal information.<sup>2<\/sup><\/p><\/blockquote>\n\n\n\n

<p>Ransomware as a service offers a few advantages to cybercriminals:<\/p>\n\n\n\n