2a02:26f0:7100:593::356e  Public Scan

URL: https://www.microsoft.com/en-us/security/business/solutions/ransomware-protection-for-businesses
Submission: On June 15 via api from US — Scanned from DE

Form analysis 1 forms found in the DOM

Name: searchFormGET https://www.microsoft.com/en-us/security/site-search

<form class="c-search" autocomplete="off" id="searchForm" name="searchForm" role="search" action="https://www.microsoft.com/en-us/security/site-search" method="GET" data-seautosuggest=""
  data-seautosuggestapi="https://www.microsoft.com/msstoreapiprod/api/autosuggest"
  data-m="{&quot;cN&quot;:&quot;GlobalNav_Search_cont&quot;,&quot;cT&quot;:&quot;Container&quot;,&quot;id&quot;:&quot;c3c1c9c4c1m1r1a1&quot;,&quot;sN&quot;:3,&quot;aN&quot;:&quot;c1c9c4c1m1r1a1&quot;}" aria-expanded="false"
  style="overflow-x: visible;">
  <input id="cli_shellHeaderSearchInput" aria-label="Search Expanded" aria-autocomplete="list" aria-expanded="false" aria-controls="universal-header-search-auto-suggest-transparent" aria-owns="universal-header-search-auto-suggest-ul" type="search"
    name="q" role="combobox" placeholder="Search Microsoft Security" data-m="{&quot;cN&quot;:&quot;SearchBox_nav&quot;,&quot;id&quot;:&quot;n1c3c1c9c4c1m1r1a1&quot;,&quot;sN&quot;:1,&quot;aN&quot;:&quot;c3c1c9c4c1m1r1a1&quot;}" data-toggle="tooltip"
    data-placement="right" title="Search Microsoft Security" style="overflow-x: visible;">
  <button id="search" aria-label="Search Microsoft Security" class="c-glyph" data-m="{&quot;cN&quot;:&quot;Search_nav&quot;,&quot;id&quot;:&quot;n2c3c1c9c4c1m1r1a1&quot;,&quot;sN&quot;:2,&quot;aN&quot;:&quot;c3c1c9c4c1m1r1a1&quot;}"
    data-bi-mto="true" aria-expanded="false" style="overflow-x: visible;">
    <span role="presentation" style="overflow-x: visible;">Search</span>
    <span role="tooltip" class="c-uhf-tooltip c-uhf-search-tooltip" style="overflow-x: visible;">Search Microsoft Security</span>
  </button>
  <div class="m-auto-suggest" id="universal-header-search-auto-suggest-transparent" role="group" style="overflow-x: visible;">
    <ul class="c-menu" id="universal-header-search-auto-suggest-ul" aria-label="Search Suggestions" aria-hidden="true" data-bi-dnt="true" data-bi-mto="true" data-js-auto-suggest-position="default" role="listbox" data-tel="jsll"
      data-m="{&quot;cN&quot;:&quot;search suggestions_cont&quot;,&quot;cT&quot;:&quot;Container&quot;,&quot;id&quot;:&quot;c3c3c1c9c4c1m1r1a1&quot;,&quot;sN&quot;:3,&quot;aN&quot;:&quot;c3c1c9c4c1m1r1a1&quot;}" style="overflow-x: visible;"></ul>
  </div>
</form>

Text Content


PROTECT YOUR ORGANIZATION FROM RANSOMWARE

Learn how to prevent, detect, and remediate ransomware.






THE GROWING THREAT OF RANSOMWARE

Ransomware is a financially motivated type of cyberattack that destroys or
blocks access to critical organizational data, networks, or even physical
infrastructure. Adversaries use this tactic to hold systems for ransom,
threatening to destroy data or release sensitive information to the public.





HOW TO COMBAT RANSOMWARE

Bolster security and stop ransomware with a combination of the right tools and
processes.


BUILD A SECURITY CULTURE

Assume breach and adopt Zero Trust frameworks. Build resiliency with consistent
training and processes that empower people to make secure decisions.



PREPARE A RECOVERY PLAN

Know what to do if an attack occurs. A recovery plan helps you quickly get
business processes back to normal.



STOP RANSOMWARE IN ITS TRACKS

> Invest in comprehensive solutions that block ransomware before it harms your
> business.



THE ANATOMY OF A RANSOMWARE ATTACK

Learn more about the different types of ransomware and what motivates these
attacks. Explore how to respond in a step-by-step demo.



RANSOMWARE DEFINED

 * Ransomware defined
   * Technology designed for extortion
   * A payoff that’s difficult to trace
   * Everyone’s a target
   * Global costs continue to rise
   * Organizational compromise from a single device
   * Encryption, exfiltration, and extortion
   * Summary
 * Commodity ransomware
   * Email is the entryway
   * Spear phishing targets high-value employees
   * Credential theft
   * Broader identity theft
   * Worms facilitate further compromise
   * Data is now at risk
   * Summary
 * Human-operated ransomware
   * Vulnerable targets provide a foothold
   * Additional accounts are compromised
   * The goal is administrative access
   * The attack is escalated
   * Maximum pressure
   * Complete compromise
   * Summary
 * Ransomware demo
   * Microsoft Sentinel
     1. Visualize the attack
     2. Understand which resources are impacted
   * Microsoft 365 Defender
     1. Trace and remediate across systems
     2. Delve into attack details
     3. Resolve the complex attack
     4. Proactively deploy preventative mitigations
     5. Understand organizational vulnerabilities
     6. Improve defenses with expert recommendations
   * Microsoft Defender for Cloud
     1. Automatically detect and fix vulnerabilities
     2. Improve security without impacting operations
     3. Comprehensive threat detection and response








A THREAT WITH GLOBAL IMPACT

Ransomware is a type of extortion that can have a crippling impact on
individuals, organizations, and national security. Attackers often use
ransomware to target sectors like public health and critical infrastructure, but
every industry is vulnerable.


TECHNOLOGY DESIGNED FOR EXTORTION

Ransomware is a type of malware that encrypts files, folders, or infrastructure,
preventing access to critical data or assets. It can target any endpoint, such
as home computers, mobile devices, enterprise PCs, or servers.


A PAYOFF THAT’S DIFFICULT TO TRACE

Criminals use ransomware to demand money in exchange for releasing encrypted
files. They may also threaten to leak sensitive data to the public. Because
attackers usually insist on payment in cryptocurrency, tracing is extremely
difficult.


EVERYONE’S A TARGET

The three most frequently targeted sectors are consumer, financial, and
manufacturing. However, this represents only 37 percent of total ransomware
attacks, indicating no industry is immune. Even healthcare continues to be
attacked during the pandemic.


GLOBAL COSTS CONTINUE TO RISE

In the last year, there was a 130 percent increase in the number of
organizations hit with ransomware. The impact has been felt globally with ransom
demands running into the many millions of dollars and few legal options
available to victims.


ORGANIZATIONAL COMPROMISE FROM A SINGLE DEVICE

Attackers use a variety of techniques to gain access, including malicious emails
and documents, as well as vulnerable devices, identities, and software. Then,
they seek out administrator credentials or other accounts with privileged
access, so they can compromise the entire organization.


ENCRYPTION, EXFILTRATION, AND EXTORTION

Some ransomware attacks will encrypt a victim’s files or assets, demanding a
ransom for the decryption key. Others will also exfiltrate data, which carries
extensive reputational risk because the stolen data may be released to the
public.


THE STAKES HAVE CHANGED

The growth trajectory for ransomware and extortion is enormous, and a successful
attack can be expensive for those who fall victim. Mitigating these attacks is
now an urgent priority for organizations around the globe.
 


LOW EFFORT, HIGH PROFIT

Commodity ransomware is a highly automated tactic designed to spread
indiscriminately, exploiting devices with relative weaknesses. A single attack
may target millions of users in the hope that a small percentage fall victim.


EMAIL IS THE ENTRYWAY

Phishing emails are a common entry point. They often appear to be from a trusted
sender or source and use social engineering and malicious content to trick
unsuspecting people into unintentionally compromising their security.


SPEAR PHISHING TARGETS HIGH-VALUE EMPLOYEES

Spear phishing is a phishing technique characterized by customized content
tailored to certain recipients. Attackers use public information to identify
individuals and research their backgrounds. They use this information to write
emails that will motivate the target to act.


IT STARTS WITH ONE COMPROMISED IDENTITY

For ransomware to be successful, attackers must steal credentials and compromise
an identity. This can take many forms. For example, some people inadvertently
provide their username and password by entering them into a site that appears
legitimate.


BROADER IDENTITY THEFT

Once attackers have compromised someone’s device, they may immediately begin
encrypting data. However, more ambitious attackers will use this access to
download more malware and look for opportunities to extract additional usernames
and passwords.


WORMS FACILITATE FURTHER COMPROMISE

Worms, another type of malware, enable ransomware to move throughout a network
using techniques such as stealing credentials and sessions, accessing file
shares, exploiting vulnerabilities, or using legitimate administrative
functions.


DATA IS NOW AT RISK

In many cases, simply connecting the infected endpoint to an organizational
network is enough to see widespread compromise and significant business
disruption.


AUTOMATE YOUR DEFENSES

Commodity ransomware relies on well-known techniques and common vulnerabilities
to replicate at scale. To stay ahead, organizations need to automate their
defense through education and a multilayered threat detection and response
strategy.


A HANDS-ON ATTACK AGAINST AN ORGANIZATION

As security solutions have gotten better at blocking techniques like phishing,
attackers are starting to move away from commodity ransomware. Human-operated
ransomware is spread by an attacker moving inside the compromised network of the
target organization.


VULNERABLE TARGETS PROVIDE A FOOTHOLD

Human-operated ransomware uses many of the same techniques as commodity
ransomware to establish an initial foothold in a network, such as malicious
emails and documents, vulnerable endpoints, compromised identities, and software
weaknesses.


ADDITIONAL ACCOUNTS ARE COMPROMISED

From their initial access point, attackers deploy malware to steal additional
credentials that facilitate moving through the network. If antivirus protection
is entirely missing from server-class endpoints, this step is trivial for the
attacker.


THE GOAL IS ADMINISTRATIVE ACCESS

Rather than an automated, opportunistic approach like commodity ransomware,
human-operated attacks typically move laterally through the network,
compromising endpoints and identities, and using malware to obtain complete
organizational compromise.


THE ATTACK IS ESCALATED

By compromising an administrative account, attackers can move with impunity
within the network, accessing any resource and disabling any security control.
Critical data centers and cloud resources essential to business operations are
vulnerable.


MAXIMUM PRESSURE

Attackers increase the pressure to pay by exfiltrating sensitive data. This puts
an organization in legal jeopardy if personally identifiable information is
leaked, and at a competitive disadvantage through the loss of trade secrets.


COMPLETE COMPROMISE

By carefully navigating the network, attackers ensure their compromise of the
organization is complete. No endpoints or backups are left untouched, leaving
organizations crippled and without access to the very tools needed to
effectively recover.


DEFEND WITH COMPREHENSIVE PROTECTION

To defend against the sophisticated adversaries behind human-operated
ransomware, organizations need a comprehensive strategy, including a ransomware
response plan, best-in-class detection and prevention, and holistic breach
remediation.


DETECT AND RESPOND TO A SOPHISTICATED ATTACK

With recent moves to the cloud, demand for remote working, and an aging
application portfolio, Tim and his SecOps team at an online retailer are busier
than ever. Microsoft threat protection helps them detect, respond to, and
mitigate new threats.


ACHIEVE ENTERPRISE-WIDE INSIGHT INTO ATTACKS

Tim uses Microsoft Sentinel to see a high-priority incident needing
investigation. The active human-operated ransomware attack has been identified
through detections from Microsoft 365 Defender and Microsoft Defender for Cloud.


VISUALIZE THE ATTACK

From the investigation graph, Tim sees the data collected from various
enterprise systems, the users and infrastructure under threat, the attack
techniques in use, and the connections between each.


UNDERSTAND WHICH RESOURCES ARE IMPACTED

By bringing together information from multiple data sources, Tim understands
more about the target and the actions leading up to the breach.


GET ACTIONABLE RECOMMENDATIONS

From the Microsoft 365 Defender incident screen, Tim gains deeper insight into
the attack through 22 automatically correlated alerts and expert threat advice.


TRACE AND REMEDIATE ACROSS SYSTEMS

Through the graph view, Tim sees how the spear phishing email led an employee to
click on a link and download a malicious document. From there, the attacker
moved laterally. Automated remediation fixed affected endpoints and mailboxes.


DELVE INTO ATTACK DETAILS

By drilling into the initial alert, Tim learns how the attacker used their
access from the malicious document and Mimikatz to gather credentials and move
laterally.


RESOLVE THE COMPLEX ATTACK

With fully automated and policy-driven manual remediation, Tim’s able to stop
this attack in its tracks. The incident has been quickly resolved, leaving Tim
and his team with time to focus on more proactive defense.


PROACTIVELY DEPLOY PREVENTATIVE MITIGATIONS

By learning more from Microsoft Threat Experts about the class of attack and how
it works, Tim quickly identifies a number of vulnerable devices.


UNDERSTAND ORGANIZATIONAL VULNERABILITIES

Using a Zero Trust security strategy, Tim enforces granular access control and
implements multifactor authentication. This helps him protect his Microsoft 365
estate against attacks like this in the future.


IMPROVE DEFENSES WITH EXPERT RECOMMENDATIONS

Microsoft 365 Defender helps Tim deploy a specific mitigation for ransomware
attacks to use client and cloud heuristics to determine if a file resembles
ransomware. This protects endpoints from even the most recent variations.


PROTECT CLOUD RESOURCES AND WORKLOADS

Tim now turns his focus to fortifying his security perimeter. Microsoft Defender
for Cloud accelerates this process by analyzing his infrastructure environment
to provide a set of actionable recommendations.


AUTOMATICALLY DETECT AND FIX VULNERABILITIES

Microsoft Defender for Cloud identifies a series of servers without endpoint
protection. Tim deploys the same automated remediation and cloud-based
protection offered by Microsoft Defender for Endpoint across every device.


IMPROVE SECURITY WITHOUT IMPACTING OPERATIONS

With just one click, Tim deploys endpoint protection across at-risk machines.
And with the continuous monitoring by Microsoft Defender for Cloud, he’ll be
ready to maintain compliance throughout his IT estate over time.


COMPREHENSIVE THREAT DETECTION AND RESPONSE

Microsoft solutions helped Tim detect and respond to a sophisticated ransomware
attack. Microsoft Sentinel provided an overview, Microsoft 365 Defender
correlated alerts, and Microsoft Defender for Cloud helped him secure his
infrastructure.





increase the pressure to pay by exfiltrating sensitive data. This puts an
organization in legal jeopardy if personally identifiable information is leaked,
and competitive disadvantage through the loss of trade
secrets.</p>\n","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Maximum
pressure"},{"order":0,"position":0,"slides":[],"tiles":[],"arialabel":null,"id":"the-impact-complete","isImage2x":false,"imageHref":"","imageAlt":"","imageHeight":0,"imageWidth":0,"itemIndex":23,"name":"Complete
compromise","videoHref":"https://www.microsoft.com/en-us/videoplayer/embed/RE4Vmyf","content":"<p>By
carefully navigating the network, attackers ensure their compromise of the
organization is complete. No endpoints or backups are left untouched, leaving
organizations crippled and without access to the very tools needed to
effectively
recover.</p>\n","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Complete
compromise"},{"order":0,"position":0,"slides":[],"tiles":[],"arialabel":null,"id":"summary","isImage2x":false,"imageHref":"http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4Vy6d?ver=26d2","imageAlt":"[noalt]","imageHeight":730,"imageWidth":1297,"itemIndex":24,"name":"Summary","videoHref":"","content":"<p>To
defend against the sophisticated adversaries behind human-operated ransomware,
organizations need a comprehensive strategy, including a ransomware response
plan, best-in-class detection and prevention, and holistic breach
remediation.</p>\n","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Defend
with comprehensive
protection"}],"arialabel":null,"id":"human","isImage2x":false,"imageHref":"","imageAlt":"","imageHeight":0,"imageWidth":0,"itemIndex":17,"name":"Human-operated
ransomware","videoHref":"https://www.microsoft.com/en-us/videoplayer/embed/RE4VcgT","content":"<p>As
security solutions have gotten better at blocking techniques like phishing,
attackers are starting to move away from commodity ransomware. Human-operated
ransomware is spread by an attacker moving inside the compromised network of the
target
organization.</p>\n","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"A
hands-on attack against an
organization"},{"pages":[{"order":0,"position":0,"slides":[{"order":0,"position":0,"tiles":[],"arialabel":null,"id":"01","isImage2x":false,"imageHref":"http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4V9Bj?ver=efbe","imageAlt":"A
high severity incident investigation in Microsoft
Sentinel.","imageHeight":658,"imageWidth":1096,"itemIndex":27,"name":"Visualize
the attack","videoHref":"","content":"<p>From the investigation graph, Tim sees
the data collected from various enterprise systems, the users and infrastructure
under threat, the attack techniques in use, and the connections between
each.</p>\n","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Visualize
the
attack"},{"order":0,"position":1,"tiles":[],"arialabel":null,"id":"02","isImage2x":false,"imageHref":"http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4VmzV?ver=f8fb","imageAlt":"A
high severity incident investigation in Microsoft Sentinel showing a specific
user and how they are
connected.","imageHeight":658,"imageWidth":1096,"itemIndex":28,"name":"Understand
which resources are impacted","videoHref":"","content":"<p>By bringing together
information from multiple data sources, Tim understands more about the target
and the actions leading up to the
breach.</p>\n","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Understand
which resources are
impacted"}],"tiles":[],"arialabel":null,"id":"microsoft-sentinel-achieve","isImage2x":false,"imageHref":"http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4VeiW?ver=56fa","imageAlt":"Incidents
sorted by severity in Microsoft
Sentinel.","imageHeight":658,"imageWidth":1096,"itemIndex":26,"name":"Microsoft
Sentinel","videoHref":"","content":"<p>Tim uses Microsoft Sentinel to see a high
priority incident needing investigation. The active human-operated ransomware
attack has been identified through detections from Microsoft 365 Defender and
Microsoft Defender for
Cloud.</p>\n","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Achieve
enterprise-wide insight into
attacks"},{"order":0,"position":0,"slides":[{"order":0,"position":0,"tiles":[],"arialabel":null,"id":"03","isImage2x":false,"imageHref":"http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4V9Bs?ver=1d86","imageAlt":"An
incident graph showing the users involved and how they are all
connected.","imageHeight":658,"imageWidth":1096,"itemIndex":30,"name":"Trace and
remediate across systems","videoHref":"","content":"<p>Through the graph view,
Tim sees how the spear phishing email led an employee to click on a link and
download a malicious document. From there, the attacker moved laterally.
Automated remediation fixed affected endpoints and
mailboxes.</p>\n","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Trace
and remediate across
systems"},{"order":0,"position":1,"tiles":[],"arialabel":null,"id":"04","isImage2x":false,"imageHref":"http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4VmzY?ver=14c0","imageAlt":"A
timeline of possible lateral movement within an incident in Microsoft 365
Defender.","imageHeight":658,"imageWidth":1096,"itemIndex":31,"name":"Delve into
attack details","videoHref":"","content":"<p>By drilling into the initial alert,
Tim learns how the attacker used their access from the malicious document and
Mimikatz to gather credentials and move
laterally.</p>\n","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Delve
into attack
details"},{"order":0,"position":2,"tiles":[],"arialabel":null,"id":"05","isImage2x":false,"imageHref":"http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4VmA1?ver=d3d9","imageAlt":"A
summary of a resolved incident in Microsoft 365
Defender.","imageHeight":658,"imageWidth":1096,"itemIndex":32,"name":"Resolve
the complex attack","videoHref":"","content":"<p>With fully automated and
policy-driven manual remediation, Tim’s able to stop this attack in its tracks.
The incident has been quickly resolved, leaving Tim and his team with time to
focus on more proactive
defense.</p>\n","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Resolve
the complex
attack"},{"order":0,"position":3,"tiles":[],"arialabel":null,"id":"06","isImage2x":false,"imageHref":"http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4VkDk?ver=09d7","imageAlt":"An
overview of a ransomware threat in Microsoft
Defender.","imageHeight":658,"imageWidth":1096,"itemIndex":33,"name":"Proactively
deploy preventative mitigations","videoHref":"","content":"<p>By learning more
from Microsoft Threat Experts about the class of attack and how it works, Tim
quickly identifies a number of vulnerable
devices.</p>\n","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Proactively
deploy preventative
mitigations"},{"order":0,"position":4,"tiles":[],"arialabel":null,"id":"07","isImage2x":false,"imageHref":"http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4V9Bw?ver=8484","imageAlt":"Mitigations
and secure configurations for a ransomware threat in Microsoft 365
Defender.","imageHeight":658,"imageWidth":1096,"itemIndex":34,"name":"Understand
organizational vulnerabilities","videoHref":"","content":"<p>Using a Zero Trust
security strategy, Tim enforces granular access control and implements
multifactor authentication. This helps him protect his Microsoft 365 estate
against attacks like this in the
future.</p>\n","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Understand
organizational
vulnerabilities"},{"order":0,"position":5,"tiles":[],"arialabel":null,"id":"08","isImage2x":false,"imageHref":"http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4VejV?ver=fe12","imageAlt":"A
security recommendation to request mediation for advanced protection against
ransomware.","imageHeight":658,"imageWidth":1096,"itemIndex":35,"name":"Improve
defenses with expert recommendations","videoHref":"","content":"<p>Microsoft 365
Defender helps Tim deploy a specific mitigation for ransomware attacks to use
client and cloud heuristics to determine if a file resembles ransomware. This
protects endpoints from even the most recent
variations.</p>\n","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Improve
defenses with expert
recommendations"}],"tiles":[],"arialabel":null,"id":"microsoft-365-defender-get","isImage2x":false,"imageHref":"http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4V9Bp?ver=0b2b","imageAlt":"An
incident summary showing alerts, scope, impacted entities and
more.","imageHeight":658,"imageWidth":1096,"itemIndex":29,"name":"Microsoft 365
Defender","videoHref":"","content":"<p>From the Microsoft 365 Defender incident
screen, Tim gains deeper insight into the attack through 22 automatically
correlated alerts and expert threat
advice.</p>\n","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Get
actionable
recommendations"},{"order":0,"position":0,"slides":[{"order":0,"position":0,"tiles":[],"arialabel":null,"id":"09","isImage2x":false,"imageHref":"http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4Vek1?ver=578d","imageAlt":"A
list of recommendations to impact your secure score in Microsoft Defender for
Cloud.","imageHeight":658,"imageWidth":1096,"itemIndex":37,"name":"Automatically
detect and fix vulnerabilities","videoHref":"","content":"<p>Microsoft Defender
for Cloud identifies a series of servers without endpoint protection. Tim
deploys the same automated remediation and cloud-based protection offered by
Microsoft Defender for Endpoint across every
device.</p>\n","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Automatically
detect and fix
vulnerabilities"},{"order":0,"position":1,"tiles":[],"arialabel":null,"id":"10","isImage2x":false,"imageHref":"http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4VmA5?ver=9562","imageAlt":"A
list of affected resources in Microsoft Defender for
Cloud.","imageHeight":658,"imageWidth":1096,"itemIndex":38,"name":"Improve
security without impacting operations","videoHref":"","content":"<p>With just
one click, Tim deploys endpoint protection across at-risk machines. And with the
continuous monitoring by Microsoft Defender for Cloud, he’ll be ready to
maintain compliance throughout his IT estate over
time.</p>\n","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Improve
security without impacting
operations"},{"order":0,"position":2,"tiles":[],"arialabel":null,"id":"11","isImage2x":false,"imageHref":"http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4V9Bz?ver=27c5","imageAlt":"A
chart outlining an attack that starts with a malicious email, an attacker
gaining control through multiple steps and ending with the attacker grabbing
data through data
exfiltration.","imageHeight":658,"imageWidth":1096,"itemIndex":39,"name":"Comprehensive
threat detection and response","videoHref":"","content":"<p>Microsoft solutions
helped Tim detect and respond to a sophisticated ransomware attack. Microsoft
Sentinel provided an overview, Microsoft 365 Defender correlated alerts, and
Microsoft Defender for Cloud helped him secure his
infrastructure.</p>\n","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Comprehensive
threat detection and
response"}],"tiles":[],"arialabel":null,"id":"microsoft-defender-for-cloud-protect","isImage2x":false,"imageHref":"http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4VejY?ver=a38a","imageAlt":"An
overview in Microsoft Defender for Cloud showing secure score, regulatory
compliance measurements and
more.","imageHeight":658,"imageWidth":1096,"itemIndex":36,"name":"Microsoft
Defender for Cloud","videoHref":"","content":"<p>Tim now turns his focus to
fortifying his security perimeter. Microsoft Defender for Cloud accelerates this
process by analyzing his infrastructure environment to provide a set of
actionable
recommendations.</p>\n","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Protect
cloud resources and
workloads"}],"arialabel":null,"id":"demo","isImage2x":false,"imageHref":"http://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE4VpaQ?ver=2460","imageAlt":"An
infographic showing a malicious email as a place an attacker exploits
vulnerability.","imageHeight":658,"imageWidth":1096,"itemIndex":25,"name":"Ransomware
demo ","videoHref":"","content":"<p>With recent moves to the cloud, demand for
remote working, and an aging application portfolio, Tim and his SecOps team at
an online retailer are busier than ever. Microsoft threat protection helps them
detect, respond, and mitigate new
threats.</p>\n","isLogo2x":false,"links":null,"logoHref":"","logoAlt":"","logoHeight":0,"logoWidth":0,"title":"Detect
and respond to a sophisticated attack"}],"itemsCount":39}


PROTECT YOUR BUSINESS FROM RANSOMWARE WITH SIEM AND XDR PRODUCTS

Microsoft empowers your organization’s defenders by putting the right tools and
intelligence in the hands of the right people. Combine security information and
event management (SIEM) and extended detection and response (XDR) to increase
efficiency and effectiveness while securing your digital estate against
ransomware.


Microsoft Sentinel

Get a bird’s-eye view across the enterprise with a cloud-native SIEM tool.
Aggregate security data from virtually any source and apply AI to separate noise
from legitimate ransomware events, correlate alerts across complex attack
chains, and speed up threat response with built-in orchestration and automation.
Eliminate security infrastructure setup and maintenance, elastically scale to
meet your security needs, and reduce costs with the flexibility of the cloud.

Microsoft 365 Defender

Prevent and detect ransomware attacks across your identities, endpoints, apps,
email, data, and cloud apps with XDR capabilities. Investigate and respond to
attacks with out-of-the-box, best-in-class protection. Hunt for threats and
easily coordinate your response from a single dashboard.

Microsoft Defender for Cloud

Protect your multi-cloud and hybrid cloud workloads from ransomware with
built-in XDR capabilities. Secure your servers, databases, storage, containers,
and IoT devices. Focus on what matters most with prioritized alerts.





ADDITIONAL RESOURCES




ZERO TRUST ASSESSMENT

Evaluate your progress toward adopting a Zero Trust security framework.

Evaluate your security posture


STAY UP TO DATE

Learn the latest trends in ransomware and other security threats.

Read the security blog


CONTENT AND DOCS

Dive deeper into ransomware and get more tools to help prevent ransomware and
protect your business.

Learn more



STOP BREACHES ACROSS YOUR ENTIRE ORGANIZATION

Defend against modern attacks with a cloud-native SIEM (Security information and
event management) and XDR (Extended detection and response) solution.

Learn more


© Microsoft 2022