Microsoft Research: Configuration Errors Behind Most Ransomware Attacks

Four common problems are giving cybercriminals an advantage.

Edward Gately, Senior News Editor

August 23, 2022


New Microsoft research shows over 80% of ransomware attacks can be traced to common configuration errors in software and devices.

Microsoft’s latest edition of Cyber Signals spotlights security trends and insights. It gathered them from Microsoft’s 43 trillion security signals and 8,500 security experts.

The Microsoft research examines the evolving cybercrime economy and the rise of ransomware-as-a-service (RaaS).

Emily Hacker is a threat intelligence analyst at Microsoft.



“Just as many industries have shifted toward gig workers for efficiency, cybercriminals are renting or selling their ransomware tools for a portion of the profits, rather than performing the attacks themselves,” she said. “The RaaS economy allows cybercriminals to purchase access to ransomware payloads and data leakage, as well as payment infrastructure. Ransomware ‘gangs’ are in reality RaaS programs like Conti or REvil, used by many different actors who switch between RaaS programs and payloads.”

Four Problems Helping Cybercriminals

The Microsoft research points to four problems that are giving cybercriminals an advantage. They are: stolen passwords and unprotected identities; missing or disabled security products; misconfigured or abused applications; and slow patching.

“You might use a popular app for one purpose, but that doesn’t mean criminals can’t weaponize it for another goal,” Hacker said. “Too often, ‘legacy’ configurations mean an app is in its default state, allowing any user wide access across entire organizations. Don’t overlook this risk or hesitate to change app settings for fear of disruption.”

The solutions include authenticating identities, addressing security blind spots, hardening internet-facing assets and keeping systems up to date.

Security Hardening Saves Money

While many organizations consider it too costly to implement enhanced security protocols, security hardening actually saves money, Microsoft said. Not only will systems become more secure, but an organization will spend less on security costs and less time responding to threats, leaving more time to focus on incoming incidents.

“While ransomware or double extortion can seem an inevitable outcome from an attack by a sophisticated attacker, ransomware is an avoidable disaster,” Hacker said. “Reliance on security weaknesses by attackers means that investments in cyber hygiene go a long way.”

It takes new levels of collaboration to meet the ransomware challenge, according to Microsoft. The best defenses begin with clarity and prioritization, which means more sharing of information across and between the public and private sectors, and a collective resolve to help each other make the world safer for all.


About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.
