80% of ransomware attacks are due to misconfigured servers, says Microsoft

Kareem Anderson


As Microsoft continues to try to tackle an onslaught of cybersecurity threats, it’s finding that common software configurations can thwart a large portion of ransomware attacks.

A new post on the Microsoft Security blog reports that a rise in ransomware as a service (RaaS) can be combated by simply reading through application default options.

According to the new Cyber Signals report, “You might use a popular app for one purpose, but that doesn’t mean criminals can’t weaponize it for another goal. Too often, “legacy” configurations mean an app is in its default state, allowing any user wide access across entire organizations. Don’t overlook this risk or hesitate to change app settings for fear of disruption.”

In addition, users have been found to misconfigure cloud services, rely on unreliable security software, and traffic ransomware through default macro settings, which has led Microsoft to coin a name for this version of ransomware attacks: human-operated ransomware.

What’s the solution?

Microsoft threat intelligence analyst Emily Hacker suggests deleting duplicative or unused apps, which could help prevent risky programs from being doorways for ransomware attacks. Secondly, being mindful of where permissions are granted to apps such as TeamViewer,

Some other ransomware endpoints identified by Hacker include stolen passwords, unprotected identities, missing or disabled security products, and slow patching, for which she offers solutions such as authenticating identities, addressing security blind spots, and keeping systems up to date.

Microsoft Security - ransomware prevention

The sum total of Hacker’s analysis is that early and routine prevention practices are less costly than implementing enhanced security protocols, as proven by the FBI’s 2021 Internet Crime Report, which documented that cybercrime accounted for $6.9B in costs to organizations in the US.

The European Union Agency for Cybersecurity (ENISA) puts an exclamation point on the topic by reporting that between May 2021 and June 2022, around 10 terabytes of data were stolen or compromised each month.