Threat Intelligence reports often ignore ‘commodity’ threats, or fail to explain how a threat can be prevented. We think differently, and want you to know how the most impactful threats work and how you can stop them. Stopping Ransomware is possible, with built in configurations.

Credential theft, lateral movement, data exfiltration -terms many don’t associate with ransomware. But that is what happens during these attacks and the mindset needs to shift. Paying a ransom doesn’t remove the attacker, and formatting a ransomed machine doesn’t undo the attack.

An insufficiently secured network is distributed computing resources to an attacker. If you have no host firewalls, matching local admin passwords, services that log in as highly privileged accounts and haven’t had an attack yet- it’s likely just because you weren’t selected.

Multiple ransomware groups that have been accumulating access and maintaining persistence on target networks for several months activated dozens of ransomware deployments in the first two weeks of April. msft.it/6011Tg9Lx