Combining Azure and strategic planning for ransomware protection

April 11, 2022

Ransomware crimes are becoming more advanced and more destructive, and increasingly, middle market companies are the victims.

The RSM US Middle Market Business Index 2021 Cybersecurity Special Report found that 42% of middle market executives know of a company targeted by a ransomware attack.

Thirty-three percent of survey respondents said they had experienced a ransomware attack or demand in the last year, the highest number since ransomware became a focus of the survey four years ago, and a 10% increase from last year.

Eleven percent of executives experienced more than one attack in 2020. This is a common tactic by cybercriminals—once a breach occurs, they will continue to attempt to attack the company until it proves that its network is secure.

A strategy for ransomware prevention is not an option in this environment. It is a must.

New threats complicate ransomware prevention

Pandemic health measures that forced people to work at home using often-outdated and unprotected systems contributed to a documented rise in ransomware attacks. However, a more frightening trend will have longer-lasting consequences: Cybercriminals are creating new ways to make money off of ransomware, even if they aren’t directly involved in holding an organization’s systems hostage for payment.

Ransomware-as-a-service (RaaS) is similar to software-as-a-service (SaaS). With RaaS, sophisticated cybercriminals develop and sell ransomware platforms to other cybercriminals.

RaaS sellers give buyers a kit that includes extensive training, reference materials and malicious code that can be used to launch an attack. The transaction occurs with a predetermined cryptocurrency payment for a finite period of usage.

The attacks leverage well-established hacking tools while also employing current vulnerability and penetration testing tools (e.g., Cobalt Strike). They are designed not only to exploit well-known, existing vulnerabilities but also to take advantage of new zero-day vulnerabilities.

The right technology and strategy are key

Organizations using Microsoft Dynamics 365 have recently gained added tools to help prevent ransomware through Microsoft’s Azure cloud platform, which hosts the Dynamics applications and data. A new detection feature will send alerts to security teams when the system observes actions potentially associated with ransomware activities.

Microsoft's Fusion technology uses machine learning (ML) to find potential attacks. Once the Fusion ML model detects and correlates ransomware activities, it triggers a high-severity incident in the Azure Sentinel workspace.

Automated detection is an important component in combatting ransomware, but it’s not the only one. An anti-ransomware strategy for Dynamics applications should include three components—prevention, detection and response.

RSM can help your organization build a comprehensive strategy. We start with a thorough assessment of potential ransomware susceptibility and pinpoint areas for improvement. This assessment also reveals how ransomware could affect your unique business processes. With this knowledge, you can more efficiently train people, tune equipment and allocate resources to prevent, detect and respond to ransomware.

The assessment consists of several key steps, including:

  • Simulating a real ransomware attack to directly test the effectiveness of your controls
  • Confirming whether logging, monitoring and alerting systems are properly configured
  • Testing security controls, user susceptibility and incident response procedures

Ransomware can incapacitate a business, and our ransomware assessment plus additional tools in the Azure cloud can help your company avoid a potential disaster.