human-operated ransomware – Computer Security Articles

Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction

October 30, 2023 admin adversary-in-the-middle (aitm), credential theft, elevation of privilege, extortion, human-operated ransomware, Ransomware as a Service, tempest

Credit to Author: Microsoft Incident Response and Microsoft Threat Intelligence| Date: Wed, 25 Oct 2023 16:30:00 +0000

Microsoft has been tracking activity related to the financially motivated threat actor Octo Tempest, whose evolving campaigns represent a growing concern for many organizations across multiple industries.

The post Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction appeared first on Microsoft Security Blog.

Microsoft Security

Automatic disruption of human-operated attacks through containment of compromised user accounts

October 16, 2023 admin human-operated ransomware, ransomware

Credit to Author: Microsoft Threat Intelligence| Date: Wed, 11 Oct 2023 16:00:00 +0000

User containment is a unique and innovative defense mechanism that stops human-operated attacks in their tracks. We’ve added user containment to the automatic attack disruption capability in Microsoft Defender for Endpoint. User containment is automatically triggered by high-fidelity signals and limits attackers’ ability to move laterally within a network regardless of the compromised account’s Active Directory state or privilege level.

The post Automatic disruption of human-operated attacks through containment of compromised user accounts appeared first on Microsoft Security Blog.

Microsoft Security

Stopping C2 communications in human-operated ransomware through network protection

November 3, 2022 admin c2, command and control, cybersecurity, human-operated ransomware, microsoft, Microsoft security intelligence, network protection, ransomware, Security

Credit to Author: Katie McCafferty| Date: Thu, 03 Nov 2022 16:00:00 +0000

Providing advanced protection against increasingly sophisticated human-operated ransomware, Microsoft Defender for Endpoint’s network protection leverages threat intelligence and machine learning to block command-and-control (C2) communications.

The post Stopping C2 communications in human-operated ransomware through network protection appeared first on Microsoft Security Blog.

Microsoft Security

The many lives of BlackCat ransomware

June 13, 2022 admin cybersecurity, human-operated ransomware, Microsoft security intelligence, ransomware, Ransomware as a Service

Credit to Author: Paul Oliveria| Date: Mon, 13 Jun 2022 16:00:00 +0000

The use of an unconventional programming language, multiple target devices and possible entry points, and affiliation with prolific threat activity groups have made the BlackCat ransomware a prevalent threat and a prime example of the growing ransomware-as-a-service (RaaS) gig economy.

The post The many lives of BlackCat ransomware appeared first on Microsoft Security Blog.

Microsoft Security

Center for Threat-Informed Defense, Microsoft, and industry partners streamline MITRE ATT&CK® matrix evaluation for defenders

May 11, 2022 admin center for threat-informed defense, cybersecurity, human-operated ransomware, Microsoft security intelligence, mitre att&ck, ransomware

Credit to Author: Microsoft 365 Defender Threat Intelligence Team| Date: Wed, 11 May 2022 16:00:00 +0000

The Center for Threat-Informed Defense, along with Microsoft and industry partners, collaborated on a repeatable methodology and a web-based calculator, aiming to streamline MITRE ATT&CK® use for defenders.

The post Center for Threat-Informed Defense, Microsoft, and industry partners streamline MITRE ATT&CK® matrix evaluation for defenders appeared first on Microsoft Security Blog.

Microsoft Security

Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself

May 9, 2022 admin cybersecurity, human-operated ransomware, Microsoft security intelligence, ransomware, Ransomware as a Service

Credit to Author: Microsoft 365 Defender Threat Intelligence Team| Date: Mon, 09 May 2022 13:00:00 +0000

Microsoft coined the term “human-operated ransomware” to clearly define a class of attack driven by expert humane intelligence at every step of the attack chain and culminate in intentional business disruption and extortion. In this blog, we explain the ransomware-as-a-service affiliate model and disambiguate between the attacker tools and the various threat actors at play during a security incident.

The post Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself appeared first on Microsoft Security Blog.