A new report from Microsoft analyzes the evolving nature of the ransomware business into a ransomware as a service (RaaS) model and offers important lessons and recommendations for network defenders. The most notable finding, among others, is that over 80 percent of ransomware attacks can be traced to common configuration errors in software and devices. The RaaS model lowers the barrier to entry and obfuscates the identity of the attackers behind the ransomware. Microsoft also found that in almost every observed ransomware incident, “at least one system exploited in the attack had missing or misconfigured security products that allowed intruders to tamper with or disable certain protections.” Misconfigured applications, typically in “legacy” default state, are exploited by attackers which can provide them with access across entire organizations. According to Microsoft, the median time for an attacker to begin moving laterally inside a network after device compromise is one hour, 42 minutes, while the median time for an attacker to access private data following a phishing attack is one hour, 12 minutes. To defend against ransomware attacks, members are encouraged to make sure all systems are up to date, conduct regular patch management, enhance credential hygiene, and regularly reference CISA's StopRansomware page for more guidance and resources. Read more at Info-Security or access the full report at Microsoft.