Ransomware delivering a “motley crew” of payloads is straining security operations, especially in health care, Microsoft warned, urging security teams to look for signs of the credential theft and lateral movement activities that herald attacks.

Examination of an uptick in ransomware attacks during the first two weeks “showed that many of the compromises that enabled these attacks occurred earlier,” the company’s Microsoft Threat Protection Intelligence Team wrote in a blog post. “Using an attack pattern typical of human-operated ransomware campaigns, attackers have compromised target networks for several months beginning earlier this year and have been waiting to monetize their attacks by deploying ransomware when they would see the most financial gain,” the team explained.

Many attacks begin by exploiting vulnerable internet-facing network devices, taking advantage of Remote Desktop Protocol (RDP) or Virtual Desktop endpoints without multi-factor authentication (MFA); older, unsupported platforms; misconfigured web servers; and Citrix Application Delivery Controller systems and Pulse Secure VPN systems affected by vulnerabilities.
