The Microsoft Threat Intelligence Center (MSTIC) and Azure have announced their newest Fusion Detection for Ransomware.
With ransomware attacks, timing matters: immediate action is needed to block the attack and keep it from spreading across the entire network. The best thing about Microsoft's Fusion technology is that it gives security analysts a signal and an opportunity to understand suspicious activities right away.
When a detection is triggered by an attack, the system sends alerts and messages to your Azure Sentinel workspace, such as "Multiple alerts possibly related to Ransomware activity detected".
The Fusion system and its alerts explain what happened. Fusion correlates data and signals from Microsoft security products and other sources, such as Azure Defender (Azure Security Center), Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Cloud App Security and Azure Sentinel scheduled analytics rules.
The estimated global damage cost of ransomware attacks in 2020 was $20 billion, downtime increased by 200% year over year, and the average cost to businesses was $133,000. To protect the network from these attacks and the damage they cause, it is best to use a system that captures malicious activity at the defense evasion and execution stages of an attack.
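A triage query for the Fusion incident described above, added here as an example (it is not Microsoft's own query). It assumes the workspace populates the standard `SecurityIncident` and `SecurityAlert` tables; the 7-day lookback is an arbitrary choice. It lists each matching incident together with the alerts attached to it and the product that raised each one.

```kusto
// Added example: find incidents carrying the Fusion ransomware title
// and list the alerts attached to each, oldest first.
let lookback = 7d;  // assumption: adjust to your triage window
let fusionTitle = "Multiple alerts possibly related to Ransomware activity detected";
SecurityIncident
| where TimeGenerated > ago(lookback)
| where Title has fusionTitle
// SecurityIncident logs a row per update; keep the latest state of each incident
| summarize arg_max(LastModifiedTime, *) by IncidentNumber
// AlertIds is a dynamic array; produce one row per attached alert
| mv-expand AlertId = AlertIds to typeof(string)
| join kind=leftouter (
    SecurityAlert
    | where TimeGenerated > ago(lookback)
    // SecurityAlert can also hold several rows per alert; keep the latest
    | summarize arg_max(TimeGenerated, *) by SystemAlertId
    | project SystemAlertId, AlertName, ProductName, AlertSeverity, Tactics,
              AlertTime = TimeGenerated
  ) on $left.AlertId == $right.SystemAlertId
| project IncidentNumber, Title, Severity, Status, CreatedTime,
          AlertTime, ProductName, AlertName, AlertSeverity, Tactics, IncidentUrl
| order by IncidentNumber desc, AlertTime asc
```

The `leftouter` join keeps an incident in the results even when one of its alerts falls outside the lookback window, so a missing `AlertName` points to a window that is too short rather than an empty incident.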