Microsoft announces new ransomware detection features for Azure

The Fusion detection for ransomware correlates alerts that are potentially associated with ransomware activities.
Written by Jonathan Greig, Contributor

Microsoft has unveiled a new ransomware detection feature for its Azure customers that will send alerts to security teams when the system observes actions "potentially associated with ransomware activities."

In a blog post, Microsoft's Sylvie Liu said Azure worked with the Microsoft Threat Intelligence Center to create Fusion detection for ransomware. Microsoft's Fusion technology uses machine learning to find potential attacks in progress and alert security teams.

The system will send alerts when it sees ransomware activities at "defense evasion and execution stages during a specific timeframe."

Liu explained that the system would send messages like "Multiple alerts possibly related to Ransomware activity detected" in the Azure Sentinel workspace. 

The alerts will explain what happened and on which devices or hosts the actions were seen. The Fusion system will correlate data from Azure Defender (Azure Security Center), Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Cloud App Security and Azure Sentinel scheduled analytics rules. 
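The article describes Fusion as correlating alerts from several products, raised at the defense evasion and execution stages on the same host within a time window, into one "Multiple alerts possibly related to Ransomware activity detected" notification. The block below is an added, simplified rule-based illustration of that correlation step, written for this page; it is not Microsoft's Fusion code, which the article says is machine-learning based. The alert field names, the tactic strings, the 24-hour default window and the sample alerts are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Alert:
    """One alert from a contributing product (field names are assumed, not Fusion's schema)."""
    source: str      # product that raised the alert
    tactic: str      # attack stage the source tagged the alert with
    host: str        # device or host on which the activity was observed
    time: datetime   # when the alert fired (UTC)
    title: str       # human-readable alert name


# The two stages the article says Fusion correlates; the strings themselves are assumed.
RANSOMWARE_TACTICS = frozenset({"DefenseEvasion", "Execution"})
INCIDENT_TITLE = "Multiple alerts possibly related to Ransomware activity detected"


def correlate_ransomware(alerts, window_hours=24):
    """Return one incident per host on which every required tactic fired within the window.

    The article only says "a specific timeframe"; 24 hours is an assumed default.
    """
    window = timedelta(hours=window_hours)
    by_host = {}
    for alert in alerts:
        by_host.setdefault(alert.host, []).append(alert)

    incidents = []
    for host, host_alerts in by_host.items():
        host_alerts.sort(key=lambda a: a.time)
        # Anchor a window on each alert in turn and test whether all required
        # tactics appear inside it; alerts from any source count.
        for i, first in enumerate(host_alerts):
            in_window = [a for a in host_alerts[i:] if a.time - first.time <= window]
            if RANSOMWARE_TACTICS <= {a.tactic for a in in_window}:
                incidents.append({
                    "title": INCIDENT_TITLE,
                    "host": host,
                    "first_seen": in_window[0].time,
                    "last_seen": in_window[-1].time,
                    "sources": sorted({a.source for a in in_window}),
                    "alerts": [a.title for a in in_window],
                })
                break  # one incident per host; the analyst gets the contributing alerts
    return incidents


# Constructed sample alerts: ws-01 should produce an incident, ws-02 has a lone
# alert, and ws-03's two alerts are three days apart (outside the window).
T0 = datetime(2021, 8, 10, 9, 0)
SAMPLE_ALERTS = [
    Alert("Microsoft Defender for Endpoint", "DefenseEvasion", "ws-01", T0,
          "Volume shadow copies deleted"),
    Alert("Azure Sentinel scheduled analytics rule", "Execution", "ws-01",
          T0 + timedelta(hours=2), "Suspicious process launched by Office application"),
    Alert("Microsoft Defender for Identity", "CredentialAccess", "ws-01",
          T0 + timedelta(hours=3), "Unusual account enumeration"),
    Alert("Microsoft Defender for Endpoint", "DefenseEvasion", "ws-02", T0,
          "Antivirus tampering detected"),
    Alert("Microsoft Defender for Endpoint", "DefenseEvasion", "ws-03", T0,
          "Security event log cleared"),
    Alert("Azure Defender", "Execution", "ws-03", T0 + timedelta(days=3),
          "Suspicious scheduled task created"),
]


if __name__ == "__main__":
    for incident in correlate_ransomware(SAMPLE_ALERTS):
        print(incident["title"])
        print(f"  host: {incident['host']}  sources: {', '.join(incident['sources'])}")
        for title in incident["alerts"]:
            print(f"  - {title}")
```

Tightening the window to one hour makes the ws-01 pair fall apart and yields no incident, which is the trade-off any timeframe-based correlation carries: a shorter window cuts noise but misses the "slow and stealth" intrusions the article quotes Liu describing.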

A report from cybersecurity firm BlackFog released on Monday found that ransomware attacks on government organizations and schools, both of which deploy thousands of Microsoft machines, are continuing to increase in 2021. 

Liu cited a report from PurpleSec that estimated ransomware attacks in 2020 caused $20 billion worth of damage and increased downtime by 200%.

"Preventing such attacks in the first place would be the ideal solution, but with the new trend of 'ransomware as a service' and human-operated ransomware, the scope and the sophistication of attacks are increasing -- attackers are using slow and stealth techniques to compromise the network, which makes it harder to detect them in the first place," Liu said. 

"When it comes to ransomware attacks, time more than anything else is the most important factor in preventing more machines or the entire network from getting compromised. The sooner such alerts are raised to security analysts with the details on various attacker activities, the faster the ransomware attacks can be contained and remediated." 

In July, Microsoft's 365 Defender Research Team revealed three vulnerabilities in Netgear routers that could have led to data leaks or a full system compromise. The vulnerabilities were patched earlier this year.
