Microsoft’s Strategy to Decrease Ransomware

Throughout 2021, ransomware attacks have increased drastically and now pose a major threat to all companies. It is important to take the right steps to protect your business from cyberattacks. Ransomware attacks can lock down your entire system and leak sensitive information, and they are very expensive to deal with. Fortunately, Microsoft Corporation has devised a plan to help decrease ransomware attacks on businesses.

What is Ransomware?

Ransomware is a type of malicious software (malware) that encrypts a computer and holds the user’s information, and access to it, for ransom. This type of illegal activity is conducted to extort large sums of money from victims, particularly large companies. Ransomware is typically built to spread across a network and target database and file servers, so it is capable of quickly crippling an entire organization. Ransomware attacks can generate billions of dollars in payments to cybercriminals and cause significant damage to businesses and governmental organizations.

Why is Ransomware Spreading?

Ransomware attacks have skyrocketed in 2021 and are expected to increase and become more disruptive, with damages expected to reach $6 million this year. These attacks are spreading rapidly and countering preventative technologies through the use of new ransomware tactics, such as:

  • Encrypting the complete disk
  • Creating new malware samples on demand
  • Using generic interpreters to create cross-platform ransomware

How Does Ransomware Work?

A successful ransomware attack involves 3 key steps.

1. Gain system access
Common ways for cyber attackers to gain access to a user’s system are sending phishing emails that get the user to download the ransomware onto their device, stealing login information to remotely access the device, and directly accessing the device.

2. Encrypt files
This step involves accessing files, encrypting them with an attacker-controlled key, and swapping the original files with versions that have been encrypted. Oftentimes, attackers will take extra steps to make recovery of files more difficult by deleting backup copies.

3. Demand a ransom
The attacker will make a ransom demand, typically in the form of cash sums, in exchange for restoration of the user’s files. The ransom demand is commonly displayed in the background of the device to alert the user immediately.

Microsoft’s Plan

Microsoft’s plan is not to act in a defensive manner, but instead to go after the ransomware attackers. The company strives not only to protect its customers, but also to provide safety to the global internet community so that everyone can trust the technology they use. Microsoft’s Digital Crimes Unit (DCU) has been working to fight cybercrime since 2008 to provide a safer digital experience to all international users. The team shares insights internally that translate into security product features, uncovers evidence that allows it to make criminal referrals to the appropriate law enforcement, and takes legal action to put a stop to malicious activity. Microsoft’s efforts to disrupt ransomware attacks and strengthen users’ security, making it harder for attackers to get in, will consist of:

  • Disrupting the infrastructure by targeting the criminal actor’s ability to communicate with the victim or publicly disclose stolen data
  • Disrupting the payment distribution system by targeting intermediaries that support the vulnerable elements of the system
  • Raising awareness for potential victims
  • Establishing private partnerships for extra security

Microsoft Corporation stated, “as part of the DCU, Microsoft’s new Ransomware Analysis and Disruption Program, which we launched in 2020, strives to make ransomware less profitable and more difficult to deploy by disrupting infrastructure and payment systems that enable ransomware attacks and by preventing criminals from using Microsoft products and services to attack our customers. The program is based on Microsoft’s decade-long experience and history of success driving a sustained fight against other types of cybercrime.”

Excedeo has been a Microsoft registered partner for over a decade selling, implementing and supporting Microsoft server and desktop operating systems, server back office applications and desktop office suites. Take control of the safety of your technology and contact Excedeo.
