Microsoft Research: Configuration Errors Behind Most Ransomware Attacks
Four common problems are giving cybercriminals an advantage.
New Microsoft research shows over 80% of ransomware attacks can be traced to common configuration errors in software and devices.
Microsoft’s latest edition of Cyber Signals spotlights security trends and insights. It gathered them from Microsoft’s 43 trillion security signals and 8,500 security experts.
The Microsoft research examines the evolving cybercrime economy and the rise of ransomware-as-a-service (RaaS).
Emily Hacker is a threat intelligence analyst at Microsoft.
“Just as many industries have shifted toward gig workers for efficiency, cybercriminals are renting or selling their ransomware tools for a portion of the profits, rather than performing the attacks themselves,” she said. “The RaaS economy allows cybercriminals to purchase access to ransomware payloads and data leakage, as well as payment infrastructure. Ransomware ‘gangs’ are in reality RaaS programs like Conti or REvil, used by many different actors who switch between RaaS programs and payloads.”
Four Problems Helping Cybercriminals
The Microsoft research points to four problems that are giving cybercriminals an advantage. They are: stolen passwords and unprotected identities; missing or disabled security products; misconfigured or abused applications; and slow patching.
“You might use a popular app for one purpose, but that doesn’t mean criminals can’t weaponize it for another goal,” Hacker said. “Too often, ‘legacy’ configurations mean an app is in its default state, allowing any user wide access across entire organizations. Don’t overlook this risk or hesitate to change app settings for fear of disruption.”
Among the solutions are: authenticate identities; address security blind spots; harden internet-facing assets; and keep systems up to date.
Security Hardening Saves Money
While many organizations consider it too costly to implement enhanced security protocols, security hardening actually saves money, Microsoft said. Not only will systems become more secure, but an organization will spend less on security costs and less time responding to threats, leaving more time to focus on incoming incidents.
“While ransomware or double extortion can seem an inevitable outcome from an attack by a sophisticated attacker, ransomware is an avoidable disaster,” Hacker said. “Reliance on security weaknesses by attackers means that investments in cyber hygiene go a long way.”
It takes new levels of collaboration to meet the ransomware challenge, according to Microsoft. The best defenses begin with clarity and prioritization, which means more sharing of information across and between the public and private sectors, and a collective resolve to help each other make the world safer for all.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.