Five steps to protect against ransomware with Microsoft 365

Ransomware is the fastest growing type of malware, with the value of ransomware payouts increasing over 300% between 2019 and 2020 alone. This growth has been fuelled by the COVID pandemic since cyber criminals are now targeting staff working from home and exploiting other COVID-related vulnerabilities. The risk posed by ransomware is significant, with over a third of all UK businesses being attacked by ransomware since the start of the COVID pandemic. In this article, Matt Smith- Softwerx’s Microsoft Services Director- outlines the most effective measures you can put in place with Microsoft to reduce your risk of a successful ransomware attack.

How ransomware worksRansomware gangs lock companies out of their data and then charge them a hefty ransom to regain access. Often ransoms also involve threats to publicly expose organisations private data. Ransomware can start in one device and quickly spread to connected networks and shared files that can end up paralysing an entire organisation. It is most often spread by malicious ‘phishing’ email links and attachments.

Ransomware is now a £10 billion a year industry and has grown rapidly since the first ransomware attack in 1989 called the AIDS trojan. This was spread using 20 000 floppy discs handed out at the World Health Organisation’s AIDS conference, and once infected, victims were charged $189 to get them decrypted. The price for computer ransoms has gone up significantly since then, with one of the largest ransomware payouts ever being the $4.4 (£3.1) million payment by major US fuel company Colonial Pipeline in May 2021 to the DarkSide gang.

Mitigate ransomware risk with a ‘Microsoft First’ approach…
Softwerx recommends adopting a ‘Microsoft First’ approach to ransomware security. This means better leveraging your existing Microsoft setup to take advantage of recent security enhancements. This approach helps you engage Microsoft’s flagship security solutions such as Defender 365. Defender was named Leader in the Gartner Magic Quadrant for Endpoint Protection Platforms and Microsoft Cloud App Security was nameD leader in the Magic Quadrant for Cloud Access Security Brokers.

Five Microsoft First steps to mitigate ransomware
Step 1: Leverage Defender for 365
Protect against malware and check links in Outlook and Teams by leveraging Defender 365’s features:

1. Safe attachments
2. Safe links
3. Time-of-click protection in email, Office clients, and Teams
4. Anti-phishing
5. Impersonation protection
6. Automated Investigation and Response

Step 2: Leverage Defender for Endpoint
Detect, investigate, and respond to advanced threats with Defender for Endpoint

1. Take a risk score approach to discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations
2. Enhance your first line of defence with Attack Surface Reduction, ensure configuration settings are properly set and exploit mitigation techniques are applied
3. Detect, investigate, and respond to advanced threats with Endpoint detection and response
4. Automate investigation and remediation to reduce the volume of alerts and operate at scale
5. Integrate with the rest of Microsoft 365 to enhance checks and controls in services like Cloud App Security and Conditional Access

Step 3: Engage Cloud App Security and SaaS security services

1. Discover and control the cloud apps, IaaS, and PaaS services users are connecting to using Microsoft’s Cloud App Security
2. Understand, classify, and protect the exposure of sensitive information across the cloud
3. Detect unusual behaviour across cloud apps to identify ransomware, compromised users or rogue applications
4. Assess if your cloud apps meet your compliance requirements including regulatory compliance and industry standards

Step 4: Ensure you have regular off-server backups

1. Ensure you have off-site secure backups using e.g. using OneDrive’s backup function

Step 5: User awareness with phishing-attack training…
Use the Microsoft Cybersecurity Awareness Kit or another similar user-awareness training package to:

1. Detect vulnerabilities by using real lures (actual phishing emails)
2. Train staff in how to detect and report phishing attacks
3. Quantify your social engineering risk across employees

Manage your ransomware risk posture
Ransomware is a growing problem that is impacting many organisations. Your organisation can leverage the industry-leading Microsoft tools and services above to significantly reduce the threat of a ransomware attack. We also recommend you have a thorough understanding of your risk posture.

If you would like a free Microsoft Security Assessment to analyse your current ransomware risk profile, find out more on our website here and get in touch to book yours.