Posted by: kurtsh | June 22, 2016

INFO: Office 365 & Ransomware Preparedness

I was recently asked a couple of questions about Ransomware & Office 365 that I thought might be useful for others interested in the same topic.


Re: Are there any specific things customers should consider re: Ransomware between onprem vs cloud?

The Office 365 Security blog has a specific post that talks about this topic.  Please review the following post from Office 365 Security:


Re: Anything to be said about ransomware preparedness?

Please review the following:

We have specific guidance on Ransomware on the Microsoft Malware Protection Center, specifically a LIVING page summarizing our Threat Intelligence Reports, which has specific areas that address:

  • Ransomware statistics
  • Ransomware characteristics
  • Ransomware analysis
  • Ransomware mitigation
  • Ransomware prevalent threats

Again, this content is living and is constantly updated. Notifications are available via RSS.  Please review this content here:

We also have a dedicated page to Ransomware on the MMPC site:

There is also an initial post on our CyberTrust blog kicking off a special series of articles about the Ransomware threat entitled, “Understanding the Risk” written by Tim Rains, our Director of Security at Microsoft.  It touches on everything from tactics to coming threats and he specifically closes with guidance around what to do to prepare:

“I asked some of the experts in Microsoft’s Enterprise Cybersecurity Group to provide some guidance based on the work they are doing to help enterprise customers protect, detect and respond to ransomware cases. The Enterprise Cybersecurity Group has unique, industry-leading cybersecurity expertise from client to cloud that I’m excited to tap. They have helped numerous enterprise customers protect, detect and respond to some of the most sophisticated ransomware attacks to date. This experience informs their approach, something partially summarized in the table below.”

Again, this is just the first article in the series.  Read more at:

Recently a post was made on the MMPC Threat Research & Response blog around Ransomware.  It has guidance toward the end that specifically recommends, “Enable Microsoft Active Protection Service (MAPS) to get the latest cloud-based ransomware detection and blocking.”

Please review this post for more:

Finally, I have an introductory 50-slide deck from Microsoft Consulting Service’s Cybersecurity team, which provides some insight into how our Cybersecurity team approaches ransomware, as well as an overview of the services that Microsoft has available to address the matter and the guidance we have specifically around Ransomware.  They have a very thorough approach to ransomware and are brought in on contract to help customers prepare for the threat, or address ransomware once it’s landed.

If you’re a customer of mine that is interested in this deck, please let me know.

