Microsoft Rolls Out New Ransomware Detection Feature For Azure

Microsoft has rolled out a new ransomware detection feature to Azure customers. With the new feature, Microsoft’s customers will be alerted when their systems perform actions that are associated with the development and execution of ransomware.

Microsoft’s Sylvie Liu said that the company’s Azure team, jointly with the Microsoft Threat Intelligence Center, developed Fusion technology that can detect ransomware attacks.

Liu explained that the system would send out notifications related to the detected ransomware activity in the Azure Sentinel workspace. The system will send alerts when it sees ransomware activities that are at the defense evasion and execution stages.

The alerts will summarize the actions taken by devices or hosts deployed by the user based on the data from Azure Defender (Azure Security Center), Microsoft Defender for Identity, Microsoft Defender for Endpoint, Microsoft Cloud App Security, and Azure Sentinel scheduled analytics rules. They will also show which devices and hosts were affected.

According to a report released by BlackFog, the number of ransomware attacks targeting government organizations and schools has increased significantly in 2021. PurpleSec stated that ransomware attacks in 2020 caused over $20 billion worth of damage.

Alerts can help security analysts analyze and respond to ransomware attacks faster, so that the attacks can be contained and remediated.

“When it comes to ransomware attacks, time more than anything else is the most important factor in preventing more machines or the entire network from getting compromised. The sooner such alerts are raised to security analysts with the details on various attacker activities, the faster the ransomware attacks can be contained and remediated.”

However, the attacks are becoming more sophisticated and complex, which makes it harder to detect them before they happen.

“Preventing such attacks in the first place would be the ideal solution but with the new trend of ‘ransomware as a service’ and human operated ransomware, the scope and the sophistication of attacks are increasing — attackers are using slow and stealth techniques to compromise network, which makes it harder to detect them in the first place,” Liu said.

About the author

CIM Team
