Security News > 2021 > December > Microsoft: Secured-core servers help prevent ransomware attacks
Microsoft says the first Secured-core certified Windows Server and Microsoft Azure Stack HCI devices are now available to protect customers' networks from security threats, including ransomware attacks.
The newly certified Secured-core servers use Secure boot and the Trusted Platform Module 2.0 to ensure that only trusted will be able to load on boot.
By blocking credential theft attempts, Secured-core servers can help make it much harder for threat actors to move laterally through the network, thus stopping their attacks before they can gain persistence and deploy their payloads.
Secured-core servers would have stopped RobbinHood Ransomware operators from exploiting a vulnerable GIGABYTE driver to elevate privileges and install malicious unsigned Windows drivers.
Dozens of models with Secured-core server functionality are now available in the Azure Stack HCI catalog and the Windows Server Catalog lists.
Redmond first announced that Windows Server 2022 will expand Secured-core to the Windows Server platform when the new release entered preview in March.
News URL
Related news
- Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks (source)
- Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
- New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint (source)
- Hunters International ransomware claims attack on Tata Technologies (source)
- Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware (source)
- Toronto Zoo shares update on last year's ransomware attack (source)
- Over 37,000 VMware ESXi servers vulnerable to ongoing attacks (source)
- Like whitebox servers, rent-a-crew crime 'affiliates' have commoditized ransomware (source)
- Microsoft: North Korean hackers join Qilin ransomware gang (source)
- Ransomware gang creates tool to automate VPN brute-force attacks (source)