Posted by: kurtsh | July 8, 2022

INFO: Microsoft DART ransomware approach and best practices

Wanna know how Microsoft’s cybersecurity shocktroopers address threats on our customers’ networks when they are concerned about a breach, ransomware, or some other security incident?

That’s the DART. DART provides onsite reactive incident response and remote proactive investigations.

Human-operated ransomware is not a malicious software problem—it’s a human criminal problem. The solutions used to address commodity problems aren’t enough to prevent a threat that more closely resembles a nation-state threat actor who:

  • Disables or uninstalls your antivirus software before encrypting files
  • Disables security services and logging to avoid detection
  • Locates and corrupts or deletes backups before sending a ransom demand

These actions are commonly done with legitimate programs that you might already have in your environment for administrative purposes. In criminal hands, these tools are used maliciously to carry out attacks.

Responding to the increasing threat of ransomware requires a combination of modern enterprise configuration, up-to-date security products, and the vigilance of trained security staff to detect and respond to the threats before data is lost.
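The three precursor behaviours listed above (security tooling disabled, logging disabled, backups destroyed) are what a SOC should be correlating per host before encryption starts. The following is an added example, not DART's or Microsoft's code: it runs simple rules over constructed Windows-style process-creation and audit records (the field names, the sample command lines, and the regex patterns are assumptions for this example) and reports hosts where all three behaviours appear together.

```python
import re

# Constructed sample records, loosely modelled on Windows Security events
# (4688 = process creation, 1102 = audit log cleared). Not real telemetry.
SAMPLE_EVENTS = [
    {"host": "ws01", "event_id": 4688, "user": "CORP\\svc-backup",
     "cmdline": "net stop WinDefend"},
    {"host": "ws01", "event_id": 4688, "user": "CORP\\svc-backup",
     "cmdline": "wevtutil cl Security"},
    {"host": "ws01", "event_id": 1102, "user": "CORP\\svc-backup",
     "cmdline": ""},
    {"host": "ws01", "event_id": 4688, "user": "CORP\\svc-backup",
     "cmdline": "vssadmin delete shadows /all /quiet"},
    {"host": "ws02", "event_id": 4688, "user": "CORP\\alice",
     "cmdline": "notepad.exe report.txt"},
]

# One rule per behaviour from the article. Patterns are illustrative
# assumptions; a production rule set would be broader and tuned per estate.
RULES = {
    "security_tooling_disabled": lambda e: e["event_id"] == 4688 and re.search(
        r"(net stop|sc stop|Set-MpPreference).*(defend|sense|DisableRealtime)",
        e["cmdline"], re.I),
    "logging_disabled": lambda e: e["event_id"] == 1102 or re.search(
        r"\bwevtutil\s+cl\b", e["cmdline"], re.I),
    "backups_destroyed": lambda e: re.search(
        r"vssadmin.*delete\s+shadows|wbadmin\s+delete", e["cmdline"], re.I),
}


def correlate(events):
    """Return {host: set(behaviours)} for hosts showing all three behaviours.

    Any single match is worth an alert; the combination on one host is the
    human-operated ransomware pattern the article describes and should be
    escalated immediately.
    """
    seen = {}
    for e in events:
        for name, rule in RULES.items():
            if rule(e):
                seen.setdefault(e["host"], set()).add(name)
    return {h: s for h, s in seen.items() if len(s) == len(RULES)}


if __name__ == "__main__":
    for host, behaviours in correlate(SAMPLE_EVENTS).items():
        print(f"ESCALATE {host}: {', '.join(sorted(behaviours))}")
```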

The Microsoft Detection and Response Team (DART) responds to security compromises to help customers become cyber-resilient. DART provides onsite reactive incident response and remote proactive investigations. DART leverages Microsoft’s strategic partnerships with security organizations around the world and internal Microsoft product groups to provide the most complete and thorough investigation possible.

This article describes how DART handles ransomware attacks for Microsoft customers so that you can consider applying elements of their approach and best practices for your own security operations playbook.

See these sections for the details:

Read more here:

