How M365 Can Guard Your Environment Against Ransomware
By Mike Brimberry
Published January 7, 2023

Ransomware is malicious software that blocks access to a computer system or files unless a sum of money is paid.

Ransomware twists the power of encryption against you. Encryption should protect your data and files, but ransomware uses it to take files hostage. You’re locked out of your documents, spreadsheets, photos and videos, and other important files until you pay.

Without sufficient endpoint network threat protection, an infected PC can also spread the ransomware to other computers on your network.

Example scenario

Your employee receives an email from a friend. It includes a link to a video that shows how to make boiled eggs into heart shapes using chopsticks. Intrigued, your employee follows the link and is asked to click “Run”.

Later that day, everything on their screen starts changing colors. A window appears, informing them that all the files on the computer have been hijacked and encrypted.

They won’t be able to access anything unless they pay a ransom. If they choose not to pay, they may never get access to the files again.

3 ways Microsoft 365 Business Premium protects your company against ransomware

Microsoft 365 Business Premium helps protect against malware and other malicious content sent via email. All messages with unknown attachments are routed to a special “sandbox” environment. If suspicious activity is detected, the attachment is not delivered.

Additionally, the Safe Links feature helps protect against malicious links in emails by checking the hyperlink each time it is clicked. If the destination is deemed malicious, it is blocked.

Microsoft Defender prevents unauthorized access to common folders such as Desktop or Documents. Unauthorized apps, scripts, and executable files won’t be allowed access. Ransomware that attempts to encrypt your files in these locations will be blocked.
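The folder protection described above is Microsoft Defender's controlled folder access feature. The following is an added example, not code from the original article or from Microsoft: it stages the feature in audit mode and reviews what it would have blocked before enforcement. The `D:\Finance` folder and the trusted application path are constructed placeholders.

```powershell
# Added example: stage controlled folder access (CFA) in audit mode, then review
# would-be blocks before enforcing. Run in an elevated PowerShell session on a
# Windows endpoint where Microsoft Defender Antivirus is the active AV.

# Constructed placeholder: an extra folder to protect beyond the defaults
# (Desktop, Documents and similar user folders are protected by default).
$ExtraFolder = 'D:\Finance'

# 1. Audit mode logs what CFA would block without disrupting users.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 2. Add the extra protected folder only if it exists on this machine.
if (Test-Path -LiteralPath $ExtraFolder) {
    Add-MpPreference -ControlledFolderAccessProtectedFolders $ExtraFolder
}

# 3. Confirm the effective setting (0 = Disabled, 1 = Enabled, 2 = AuditMode).
$pref = Get-MpPreference
"CFA state: $($pref.EnableControlledFolderAccess)"
"Extra protected folders: $($pref.ControlledFolderAccessProtectedFolders -join '; ')"

# 4. Summarize CFA-related events from the last 7 days.
#    1123 = write blocked, 1124 = write audited, 5007 = Defender settings changed.
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1123, 1124, 5007
    StartTime = (Get-Date).AddDays(-7)
}
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
$events | Group-Object Id | Sort-Object Count -Descending |
    Format-Table Name, Count -AutoSize

# 5. Show the newest audit/block events; the message names the process and path,
#    which tells you which legitimate apps need allow-listing before enforcement.
$events | Where-Object Id -in 1123, 1124 |
    Select-Object -First 20 TimeCreated, Id, Message | Format-List

# 6. Once legitimate apps are allow-listed, switch to enforcement.
#    The application path below is a constructed placeholder.
# Add-MpPreference -ControlledFolderAccessAllowedApplications 'C:\Path\To\TrustedApp.exe'
# Set-MpPreference -EnableControlledFolderAccess Enabled
```

An unexpected 5007 event that turns the setting off is worth alerting on, since it means the protection was changed outside your own rollout.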

Microsoft 365 Business Premium also helps recover files in the event of a successful ransomware attack. Files stored in OneDrive for Business (the cloud storage service included in Microsoft 365 Business Premium) are automatically versioned. This allows you to recover versions of items that pre-date their encryption by the ransomware, with just a few clicks.

Microsoft’s Approach and Commitment to Enhancing Security

Ransomware continues to evolve and impact many types of devices in different environments. However, Microsoft also continues to invest in innovative solutions to strengthen business endpoint security against ransomware and other threats. Here are some key benefits to using Microsoft solutions:

  • Microsoft’s security solutions are built into their products, so there is nothing additional to deploy or manage.
  • Microsoft spends over $1 billion annually on security alone.
  • Microsoft’s analytics and cloud-based capabilities use advanced data science approaches to make sense of the world’s largest set of threat-related optics. Those optics are then turned into actionable intelligence that their defenses can react to.
  • Microsoft Defender pre- and post-breach defenses are built deep into the OS, making them resistant to tampering by malware and hackers.

Industry Considerations

Ransomware can have serious consequences for businesses across all industries. An attack can disrupt critical business processes and cause significant financial impact. Being aware of how attacks may target your industry will help you implement a robust endpoint cybersecurity strategy to protect against them.


Healthcare

Threat actors know the value of patient health information. The organization may face a HIPAA violation if the PHI is exposed, and having it held hostage by ransomware can create a life-or-death situation for the patient.

These factors make health care organizations attractive targets. They are motivated to return to normal operations as soon as possible, so they are willing to pay, and quickly.

Understanding the attack vectors and vulnerabilities will help you identify critical areas to bolster endpoint threat detection and protect your systems.

Financial Services

Financial services are targets for unique attacks. Besides encrypting and holding data for ransom, attackers may also leverage an “extortion only attack” by exfiltrating your data and threatening to leak it online. Backups will not protect against this type of attack, for obvious reasons.

Repairing your company’s reputation after an attack is costly. Not only will your company potentially face hefty regulatory fines, you’ll have to rebuild trust with your clients.

With the ransomware-as-a-service model, attackers are more capable than ever. The increase in ransomware attacks makes this clear.


Manufacturing

Manufacturers frequently use hardware that is older or no longer supported, because some products require specific tools to be manufactured. Cyber criminals will leverage any weakness available to target your organization, and systems like these are vulnerable to exploits since many cannot be patched.

Having an inventory of systems and risks allows you to prioritize your defensive safeguards. Defender for IoT and the complementary tools can provide agentless monitoring of devices and response capabilities in a unified endpoint security solution.

Legal Services

Legal firms tend to be more vulnerable than other businesses. Law firms hold an abundance of corporate and personal data that is attractive to threat actors. Merger and acquisition work, tax information, confidential corporate data, and other litigation material can easily harm your firm’s reputation and financial standing if breached.

A strategic framework of endpoint security tools and controls should be top of mind in this industry. Fortunately, many organizations already have Microsoft licensing and therefore the tools needed to interrupt cyberattacks.


Energy

The energy sector is hit hard by ransomware. Disruptions often threaten the bottom line and have an immediate impact on business operations. Attacks usually involve critical infrastructure that serves whole cities or regions, such as electricity, fuel, and water filtration.

A unique aspect of securing these organizations is that the physical location contains both IT and OT technology. Operation of these physical systems, which control large motors and machines, must ensure human safety. As with manufacturing, you need robust capabilities to protect systems for continued operations.


Construction

The construction industry is a top target of ransomware attackers. Companies either move away from older technology slowly, or they have no plans to upgrade and use older systems to interconnect with the rest of the world.

IT and security needs have slowly progressed forward in construction, with many companies waking up to newer interconnected smart devices in the field. However, IoT devices being connected to the cloud and organizational data have brought new challenges for companies to secure.

Ransomware attackers know construction companies cannot afford for operations to shut down, as delays drastically reduce profit margins. Your Microsoft investment should be focused on protecting your critical systems and data.

Endpoint Security Using Our vCISO Services

Is your environment vulnerable to ransomware? When you use our vCISO services, you’ll identify key vulnerabilities (like ransomware) in your environment and create an expert strategy to close your holes. You’ll save your team the time, budget, and consequences of focusing on the wrong solutions. Plus, you’ll get access to a full year of our expert guidance to help you improve.

Here’s everything that’s included for a year:

  • Model’s cybersecurity assessment
  • 24×7 access to the Model vCISO portal
  • Monthly vCISO meetings with Model’s expert cybersecurity director

If you’re concerned that personal devices might be a threat, you can learn more about the service here.

Article By Mike Brimberry
Mike is the Director of Cybersecurity at Model Technology Solutions. Mike has over 20 years of working experience for large and small organizations in service desk, endpoint management, data center, cloud, cybersecurity, IT leadership and service delivery. He loves to travel, cook, listen to beach music, and he's a self-proclaimed Disney expert in addition to his numerous other areas of expertise. He currently lives in southern Illinois with his wife and 5 kids.
