Security News > 2020 > March > Next-Gen Ransomware Packs a ‘Human’ Punch, Microsoft Warns

"These attacks are known to take advantage of network configuration weaknesses and vulnerable services to deploy devastating ransomware payloads," said researchers on Thursday.

"And while ransomware is the very visible action taken in these attacks, human operators also deliver other malicious payloads, steal credentials, and access and exfiltrate data from compromised networks."

Microsoft said one trend it has observed is a "Smash-and-grab monetization" technique, where attackers infiltrate a system via brute force, and proceed with deploying the ransomware, credential theft, and other attacks - all in less than an hour, decreasing the chances of affected victims to intervene.

"Investigators have in fact found artifacts indicating that affected networks have been compromised in some manner by various attackers for several months before the ransomware is deployed, showing that these attacks are successful and unresolved in networks where diligence in security controls and monitoring is not applied," said researchers.

"If these alerts are immediately prioritized, security operations teams can better mitigate attacks and prevent the ransomware payload," said researchers.

News URL

https://threatpost.com/next-gen-ransomware-packs-a-human-punch-microsoft-warns/153501/