Demystifying Ransomware Attacks Against Microsoft Defender Solution
By TanTran
Published: 2020-11-25 · Archived: 2026-04-06 01:17:46 UTC
1. Microsoft Community Hub
2.
3. Core Infrastructure and Security
4. Core Infrastructure and Security Blog
Blog Post
Core Infrastructure and Security Blog
8 MIN READ
Nov 24, 2020
Hi IT Pros,
As you have known it, Ransomware is in the aggravated assault mode at this time of year 2020, the joint cybersecurity
advisory comes from the Cybersecurity Infrastructure and Security Agency (CISA), the Federal Bureau of Investigation
(FBI), and the Department of Health and Human Services (HHS) have just given a serious warning about Ransomware
Threat as shown in the following announcement:
Debut in August of 2018, the Ransomware Ryuk gained shocking attention in 2019, Ryuk gangs demanded multi-million-dollar ransoms from victims, among them are companies, hospitals, and local governments. The actors are able to pocket
over $61 million just in the US alone, according to FBI's report.
Check Point, a security software vendor also noted that the gang was attacking on an average of 20 companies every week in
the third quarter of 2020.
Sean Gallagher from Sophos Lab, gave us the story about a typical Ryuk and Conti Ransomeware attack.
The attack began on the afternoon of Tuesday. September 22,2020 when multiple employees of the targeted company
had received highly targeted phishing emails.
The email was tagged with external sender warnings by the company’s mail software. The link, served up through the
mail delivery service Sendgrid, redirected to a malicious document hosted on docs.google.com.
Multiple instances of the malicious attachment were detected and blocked. But there was one employee who clicked on the
link in the email that afternoon, allowing the outlook mail to  execute "print_document.exe", a malicious executable file
identified as Buer Loader.
The Buer Loader malware dropped qoipozincyusury.exe, a Cobalt Strike “beacon,” along with other malware files.
Cobalt Strike’s beacon makes a covert connection to the command and control of hackers.
By Wednesday morning the actors had obtained administrative credentials and had connected to the Domain Controller
Server, where they performed a data dump of Active Directory records.
Data dump to an Admin User directory was most likely accomplished using "SharpHound".
SharpHound is the official data collector for BloodHound. It is written in C# and uses native Windows API functions and
LDAP namespace functions to collect data from domain controllers
Ransomware attack is now ready to remotely deploy to other servers using WMI, Powershell and Remote Desktop
RDP
Next, the "SystemBC", a malicious proxy was deployed on the domain controller. SystemBC is a SOCKS5 proxy
used to conceal malware traffic that shares code and forensic markers with other malware from the Trickbot family. 
The malware installed itself (as itvs.exe), and created a scheduled job for the malware, using the old Windows task
scheduler format in a file named itvs.job—in order to maintain persistence.
The organizational backup server was among the first target. The attackers used the icacls command to modify access
control, giving them full control of all the system folders on the server. GMER is frequently used by ransomware
actors to find and shut down hidden processes, and to shut down antivirus software protecting the server.
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 1 of 40

Ryuk ransomware was redeployed and re-launched three more times in short order after each failed attempt, no files were
encrypted.
Lesson Learn
 The actor could repeat the attack multiple times with different variants of Ryuk, the attack period could be prolonged
for days or weeks with multiple backdoors been used.
Response time is critical to prevent damage from further steps down the path of attacking sequence, from
reconnaissance, credential compromise to later movement, domain dominance and exfiltration, data encryption, data
deletion.
Team effort should be fully utilized during the attacking period.
If more resources are needed, Security Team could consult with online security support experts ASAP to form an
united front against hackers .
We need to stop the attack at the Cobalt Strike Beacon level (step 2 in the above Chart) when compromised system
starts connecting to outside command and control center of actor.
The attack also shows that Remote Desktop Protocol can be dangerous even when it is inside the firewall.
Proactive prevention with ASR rules for Office documents' macros could be an important factor to avoid the
ransomware attack right at step 0, by giving no attack opportunity . We should consider it as one good and needed
option to prevent ransomware attack. (see Attack Surface Reduction - ASR)
You may be worried and wonder how good the MD for Endpoint and MD for Identity could protect your systems from
ransomware.
Well, let us bring MD to the test. The most trusted industry test could be AV-Test from the Independent IT-Security Institute
in Magdeburg of Germany, who has been known as the owner of the largest malware database in the world, it has counted a
total of 1121.95 millions of malware to date (11/27/2020). Every day, the AV-TEST Institute registers over 350,000 new
malicious programs (malware) and potentially unwanted applications (PUA).
For Windows Systems Antivirus Products.  AV-Test conduct monthly tests against widespread and prevalent malware
discovered in the last 4 weeks, for example, the test-set of August 2020 included 21,851 (virus) samples, the test-set
of October 2020 included 12316 (virus) samples. AV-TEST creates identical and reproducible conditions for all the
antivirus products from all big AV vendors who join the test program.
MD for Endpoint continue getting AV-TEST top score monthly It scored 100% compared to the Industry average at
97.6% protection level against 339 different samples of " 0 day" malware type, the "unknown yet and newly appeared
in the field" malware type, tested for the month of May and June, 2020.
Microsoft Defender for Endpoint scored 100% compared to the Industry average at 98.8% protection level against
334 different samples of " 0 day" malware type, tested in September and October 2020, as shown in the following
image.
The test result table for all products based on protection, performance, usability scores is shown here, value of 6 is
the highest score:
Test antivirus software for Windows 10 - October 2020 | AV-TEST (av-test.org)
In its Security Report for 2019, AV-Test Lab gave the following conclusion:
… the embedded Windows defense systems proved to be reliable protection against automated mass malware. In the regular
certification tests over the past year (2018), Microsoft‘s consumer product, “Microsoft Defender Antivirus“ garnered the AV-TEST rating as “Top Product“ five out of six times. Which among other things was due to the reliable detection and
defensive performance against widely distributed and frequently occurring malware. The business solution from Microsoft
exhibited even better test results in 2019 and was even able to defend the title of “Top Product“ in six out of six annual
tests.
Microsoft Defender for Endpoint Simulation Attack
Now, let us conduct our own test using the MD for Endpoint - Evaluation Lab feature:
we will create at least 3 test devices run windows 10 and windows server 2019 as shown here:            
We run the " known ransomware infection" simulation by Safe breach for testmachine1
You may also want to run different attack simulations provided by Safebreach and AttackIQ for different devices
with " known ransomware infection" attack simulation , the following ransomware names are detected and alerted on test
machine1:
Click on WannaCrypt ransomware to show the details about malicious file named Llac.exe and how long it stayed before
being quarantined (3 minutes and 15 seconds):
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 2 of 40

Click on Petya ransomware to show detail of malicious file named bdata.bin, it was existed within only 5 seconds and been
quarantined:
The ransomware attack overview and its entities are shown in the incident named “Multi-stage incident involving Initial
access & Discovery including Ransomware on multiple Endpoints” tree graph,
The Wanacry Ransomware file, llac.exe was blocked at source on testmachine1 with a total of 6 failed attempts.
The Wanacry Ransomware file, llac.exe was blocked at source on testserver3.
The Petya ransomware file, bdata.bin had been laterally spread out to testserver2 before it was stopped.
Ransomware Action MD for Endpoint and MD for Identity Alert
Malicious services were created on remote servers
using the same admin credentials, using WMI
Event to drop command payload.
MD for Endpoint Alert: WMI suspicious Event
PowerShell is used to download more malicious
payloads. MD for Endpoint Alert
Credential theft activity MD for Identity Alert about overpass the hash attack:
Impersonate action on privilege account and
privilege group membership by PowerShell script.
Alert by MD for Identity and displayed in Cloud App Security
Portal:
Keyboard hijack activity Alert by Defender for Endpoint:
Fileless attacks with memory payload.
These activities could be detected by AMSI, Microsoft’s Anti-Malware Scanning Interface, when it inspects the in-memory
process. MD for Endpoint raised the alert, details as follow:
Mimikatz was used as a credential theft tool, It
was detected and blocked from installation.
Mimikatz files were quarantined.
Alert by MD for Endpoint
Backdoor activity detected Alerted by MD for Endpoint:
Ransomware Payload and encryption activities are
prevented beforehand.
There is no domain dominant - alert event.
There is no encryption - alert event.
 Ryuk Ransomware Prevention and Protection strategy provided by MD for Endpoint - Threat Analytics.
Microsoft Defender for Endpoint Analytics proposed an analyst report and mitigation (plan) against the Ryuk ransomware.
Each of the attack step in Ryuk’s killing chain is mapped to the protection measures which include Antivirus-EDR (MD for
Endpoint), Azure ATP (MD for Identity), Multi Factors Authentication MFA, Attack Surface Reduction rules for Office
Macro, Windows Host Firewall, and Tamper Protection Security Policy.
The detail of Ryuk attack based on MITRE ATT&CK process is shown in the following image, each Ransomware action
step of the attack sequence was mapped to one or multiple counter attack measure:
Mitigations provided by MD for Endpoint - Threat Analytics
1. Apply these mitigations to reduce the impact of this threat:
Utilize the Microsoft Defender Firewall and your network firewall to prevent RPC and SMB communication among
endpoints whenever possible. This limits lateral movement as well as other attack activities.
Turn on tamper protection features to prevent attackers from stopping security services.
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 3 of 40

Enforce strong, randomized local administrator passwords. Use tools like LAPS.
Monitor for clearing of event logs. Windows generates a security event ID 1102 when this occurs.
Ensure internet-facing assets have the latest security updates. Audit these assets regularly for suspicious activity.
Determine where highly privileged accounts are logging on and exposing credentials. Monitor and investigate logon
events (event ID 4624) for logon type attributes. Highly privileged accounts should not be present on workstations.
Turn on cloud-delivered protection and automatic sample submission on Microsoft Defender Antivirus. These
capabilities use artificial intelligence and machine learning to quickly identify and stop new and unknown threats.
Turn on attack surface reduction rules, including rules that block credential theft, ransomware activity, and suspicious
use of PsExec and WMI.
2. Check the recommendations card for the deployment status of monitored mitigations in “Threat & Vulnerability
Management” under “Remediation”.
If Security Administrators enable EDR and all features of Defender, setup alert notification and completely finish all of the
Defender Endpoint and Defender Identity’s remediation plans against each ransomware and malware, then, I guess, our
colleagues may have a much better sleep at night, knowing that their systems are safe and well protected from ransomware
and other malware threats.
To get it upto the "100%"  level of protection, your defender strategy should always include Windows 10 Defender Guard
(Application Guard, Credential Guard, Exploit Guard with Attack Surface Reduction rules, System Guard, …) together with
MD for Endpoint, to be deployed on workstations and servers and MD for Identity applied to all domain controllers, it is
part of the defense strategy and included in M365 E5 license. You may want to check the blog articles related to Microsoft
Defender for Identity setup and operation.
I hope the info is useful,
Have a valuable time with your Defender!
___________________________________
Reference:
 Sophos Lab inside a new Ryuk ransomware attack
 Splunk three key ways to get started combating ransomware
 AV-Test Antivirus for business windows client
 Microsoft Defender for Identity Playbook Lab Overview
 Microsoft Defender for Identity working with suspicious activities
 Microsoft Threat Protection leads real-world detection in MITRE ATT&CK evaluation
Malware Lateral Movement Alert
Updated Jun 17, 2021
Version 27.0
"}},"componentScriptGroups({\"componentId\":\"custom.widget.SocialSharing\"})":
{"__typename":"ComponentScriptGroups","scriptGroups":
{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":
{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":
{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":
[]},"component({\"componentId\":\"custom.widget.MicrosoftFooter\"})":
{"__typename":"Component","render({\"context\":{\"component\":{\"entities\":[],\"props\":{}},\"page\":{\"entities\":
[\"message:1928947\"],\"name\":\"BlogMessagePage\",\"props\":
{},\"url\":\"https://techcommunity.microsoft.com/blog/coreinfrastructureandsecurityblog/demystifying-ransomware-attacks-against-microsoft-defender-solution/1928947\"}}})":{"__typename":"ComponentRenderResult","html":"
"}},"componentScriptGroups({\"componentId\":\"custom.widget.MicrosoftFooter\"})":
{"__typename":"ComponentScriptGroups","scriptGroups":
{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":
{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":
{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":
[]},"cachedText({\"lastModified\":\"1775111751202\",\"locale\":\"en-US\",\"namespaces\":
[\"components/community/NavbarDropdownToggle\"]})":[{"__ref":"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1775111751202"}],"cachedText({\"lastModified\":\"1775111751202\",\"locale\":\"en-US\",\"namespaces\":
[\"components/messages/MessageCoverImage\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageCoverImage-1775111751202"}],"cachedText({\"lastModified\":\"1775111751202\",\"locale\":\"en-US\",\"namespaces\":
[\"shared/client/components/nodes/NodeTitle\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/nodes/NodeTitle-https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 4 of 40

1775111751202"}],"cachedText({\"lastModified\":\"1775111751202\",\"locale\":\"en-US\",\"namespaces\":
[\"components/messages/MessageTimeToRead\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageTimeToRead-1775111751202"}],"cachedText({\"lastModified\":\"1775111751202\",\"locale\":\"en-US\",\"namespaces\":
[\"components/messages/MessageSubject\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageSubject-1775111751202"}],"cachedText({\"lastModified\":\"1775111751202\",\"locale\":\"en-US\",\"namespaces\":
[\"components/users/UserLink\"]})":[{"__ref":"CachedAsset:text:en_US-components/users/UserLink-1775111751202"}],"cachedText({\"lastModified\":\"1775111751202\",\"locale\":\"en-US\",\"namespaces\":
[\"shared/client/components/users/UserRank\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/users/UserRank-1775111751202"}],"cachedText({\"lastModified\":\"1775111751202\",\"locale\":\"en-US\",\"namespaces\":
[\"components/messages/MessageTime\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageTime-1775111751202"}],"cachedText({\"lastModified\":\"1775111751202\",\"locale\":\"en-US\",\"namespaces\":
[\"components/messages/MessageBody\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageBody-1775111751202"}],"cachedText({\"lastModified\":\"1775111751202\",\"locale\":\"en-US\",\"namespaces\":
[\"components/messages/MessageCustomFields\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageCustomFields-1775111751202"}],"cachedText({\"lastModified\":\"1775111751202\",\"locale\":\"en-US\",\"namespaces\":
[\"components/messages/MessageRevision\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageRevision-1775111751202"}],"cachedText({\"lastModified\":\"1775111751202\",\"locale\":\"en-US\",\"namespaces\":
[\"shared/client/components/common/QueryHandler\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/common/QueryHandler-1775111751202"}],"cachedText({\"lastModified\":\"1775111751202\",\"locale\":\"en-US\",\"namespaces\":
[\"components/tags/TagList\"]})":[{"__ref":"CachedAsset:text:en_US-components/tags/TagList-1775111751202"}],"cachedText({\"lastModified\":\"1775111751202\",\"locale\":\"en-US\",\"namespaces\":
[\"components/messages/MessageReplyButton\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageReplyButton-1775111751202"}],"cachedText({\"lastModified\":\"1775111751202\",\"locale\":\"en-US\",\"namespaces\":
[\"components/messages/MessageAuthorBio\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageAuthorBio-1775111751202"}],"cachedText({\"lastModified\":\"1775111751202\",\"locale\":\"en-US\",\"namespaces\":
[\"shared/client/components/users/UserAvatar\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1775111751202"}],"cachedText({\"lastModified\":\"1775111751202\",\"locale\":\"en-US\",\"namespaces\":
[\"shared/client/components/ranks/UserRankLabel\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/ranks/UserRankLabel-1775111751202"}],"cachedText({\"lastModified\":\"1775111751202\",\"locale\":\"en-US\",\"namespaces\":
[\"components/tags/TagView/TagViewChip\"]})":[{"__ref":"CachedAsset:text:en_US-components/tags/TagView/TagViewChip-1775111751202"}],"cachedText({\"lastModified\":\"1775111751202\",\"locale\":\"en-US\",\"namespaces\":
[\"components/users/UserRegistrationDate\"]})":[{"__ref":"CachedAsset:text:en_US-components/users/UserRegistrationDate-1775111751202"}],"cachedText({\"lastModified\":\"1775111751202\",\"locale\":\"en-US\",\"namespaces\":
[\"shared/client/components/nodes/NodeAvatar\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/nodes/NodeAvatar-1775111751202"}],"cachedText({\"lastModified\":\"1775111751202\",\"locale\":\"en-US\",\"namespaces\":
[\"shared/client/components/nodes/NodeDescription\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/nodes/NodeDescription-1775111751202"}],"cachedText({\"lastModified\":\"1775111751202\",\"locale\":\"en-US\",\"namespaces\":
[\"shared/client/components/nodes/NodeIcon\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1775111751202"}]},"Theme:customTheme1":
{"__typename":"Theme","id":"customTheme1"},"User:user:-1":
{"__typename":"User","id":"user:-1","entityType":"USER","eventPath":"community:gxcuf89792/user:-1","uid":-1,"login":"Anonymous","email":"","ava
{"__typename":"RegistrationData","status":"ANONYMOUS","registrationTime":null,"confirmEmailStatus":false,"registrationAccessLevel":"VIEW","ss
[]},"ssoId":null,"profileSettings":{"__typename":"ProfileSettings","dateDisplayStyle":
{"__typename":"InheritableStringSettingWithPossibleValues","key":"layout.friendly_dates_enabled","value":"false","localValue":"true","possibleValues"
["true","false"]},"dateDisplayFormat":
{"__typename":"InheritableStringSetting","key":"layout.format_pattern_date","value":"MMM dd yyyy","localValue":"MM-dd-yyyy"},"language":{"__typename":"InheritableStringSettingWithPossibleValues","key":"profile.language","value":"en-US","localValue":null,"possibleValues":["en-US","es-ES"]},"repliesSortOrder":
{"__typename":"InheritableStringSettingWithPossibleValues","key":"config.user_replies_sort_order","value":"DEFAULT","localValue":"DEFAULT","po
["DEFAULT","LIKES","PUBLISH_TIME","REVERSE_PUBLISH_TIME"]}},"deleted":false},"CachedAsset:pages-1775111737649":{"__typename":"CachedAsset","id":"pages-1775111737649","value":
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 5 of 40

[{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"BlogViewAllPostsPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId/all-posts/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"CasePortalPage","type":"CASE_PORTAL","urlPath":"/caseportal","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"CreateGroupHubPage","type":"GROUP_HUB","urlPath":"/groups/create","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"CaseViewPage","type":"CASE_DETAILS","urlPath":"/case/:caseId/:caseNumber","__typename":"PageDescriptor"},"__typename":"PageResource
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"InboxPage","type":"COMMUNITY","urlPath":"/inbox","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"HelpFAQPage","type":"COMMUNITY","urlPath":"/help","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"IdeaMessagePage","type":"IDEA_POST","urlPath":"/idea/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename"
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"IdeaViewAllIdeasPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/all-ideas/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"LoginPage","type":"USER","urlPath":"/signin","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"WorkstreamsPage","type":"COMMUNITY","urlPath":"/workstreams","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"BlogPostPage","type":"BLOG","urlPath":"/category/:categoryId/blogs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageRes
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"UserBlogPermissions.Page","type":"COMMUNITY","urlPath":"/c/user-blog-permissions/page","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"ThemeEditorPage","type":"COMMUNITY","urlPath":"/designer/themes","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"TkbViewAllArticlesPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId/all-articles/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1730819800000,"localOverride":null,"page":
{"id":"AllEvents","type":"CUSTOM","urlPath":"/Events","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"OccasionEditPage","type":"EVENT","urlPath":"/event/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"OAuthAuthorizationAllowPage","type":"USER","urlPath":"/auth/authorize/allow","__typename":"PageDescriptor"},"__typename":"PageResource
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"PageEditorPage","type":"COMMUNITY","urlPath":"/designer/pages","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"PostPage","type":"COMMUNITY","urlPath":"/category/:categoryId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResou
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"CreateUserGroup.Page","type":"COMMUNITY","urlPath":"/c/create-user-group/page","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"ForumBoardPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId","__typename":"PageDescriptor"},"__typename":"Pag
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"TkbBoardPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"EventPostPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageR
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"UserBadgesPage","type":"COMMUNITY","urlPath":"/users/:login/:userId/badges","__typename":"PageDescriptor"},"__typename":"PageResourc
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"GroupHubMembershipAction","type":"GROUP_HUB","urlPath":"/membership/join/:nodeId/:membershipType","__typename":"PageDescriptor"}
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"MaintenancePage","type":"COMMUNITY","urlPath":"/maintenance","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"IdeaReplyPage","type":"IDEA_REPLY","urlPath":"/idea/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescripto
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"UserSettingsPage","type":"USER","urlPath":"/mysettings/:userSettingsTab","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"GroupHubsPage","type":"GROUP_HUB","urlPath":"/groups","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 6 of 40

{"id":"ForumPostPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/create","__typename":"PageDescriptor"},"__typename":
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"OccasionRsvpActionPage","type":"OCCASION","urlPath":"/event/:boardId/:messageSubject/:messageId/rsvp/:responseType","__typename":"Pag
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"VerifyUserEmailPage","type":"USER","urlPath":"/verifyemail/:userId/:verifyEmailToken","__typename":"PageDescriptor"},"__typename":"PageR
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"AllOccasionsPage","type":"OCCASION","urlPath":"/category/:categoryId/events/:boardId/all-events/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"EventBoardPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId","__typename":"PageDescriptor"},"__typename":"PageResou
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"TkbReplyPage","type":"TKB_REPLY","urlPath":"/kb/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"}
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"IdeaBoardPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"CommunityGuideLinesPage","type":"COMMUNITY","urlPath":"/communityguidelines","__typename":"PageDescriptor"},"__typename":"PageR
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"CaseCreatePage","type":"SALESFORCE_CASE_CREATION","urlPath":"/caseportal/create","__typename":"PageDescriptor"},"__typename":"Pa
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"TkbEditPage","type":"TKB","urlPath":"/kb/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageRes
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"ForgotPasswordPage","type":"USER","urlPath":"/forgotpassword","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"IdeaEditPage","type":"IDEA","urlPath":"/idea/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageR
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"TagPage","type":"COMMUNITY","urlPath":"/tag/:tagName","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"BlogBoardPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"OccasionMessagePage","type":"OCCASION_TOPIC","urlPath":"/event/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"ManageContentPage","type":"COMMUNITY","urlPath":"/managecontent","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"ClosedMembershipNodeNonMembersPage","type":"GROUP_HUB","urlPath":"/closedgroup/:groupHubId","__typename":"PageDescriptor"},"__t
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"CommunityPage","type":"COMMUNITY","urlPath":"/","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"ForumMessagePage","type":"FORUM_TOPIC","urlPath":"/discussions/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"IdeaPostPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResou
{"lastUpdatedTime":1730819800000,"localOverride":null,"page":
{"id":"CommunityHub.Page","type":"CUSTOM","urlPath":"/Directory","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"BlogMessagePage","type":"BLOG_ARTICLE","urlPath":"/blog/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typen
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"RegistrationPage","type":"USER","urlPath":"/register","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"EditGroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/edit","__typename":"PageDescriptor"},"__typename":"PageResource
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"ForumEditPage","type":"FORUM","urlPath":"/discussions/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typena
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"ResetPasswordPage","type":"USER","urlPath":"/resetpassword/:userId/:resetPasswordToken","__typename":"PageDescriptor"},"__typename":"Pa
{"lastUpdatedTime":1730819800000,"localOverride":null,"page":
{"id":"AllBlogs.Page","type":"CUSTOM","urlPath":"/blogs","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"TkbMessagePage","type":"TKB_ARTICLE","urlPath":"/kb/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"BlogEditPage","type":"BLOG","urlPath":"/blog/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"Page
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"ManageUsersPage","type":"USER","urlPath":"/users/manage/:tab?/:manageUsersTab?","__typename":"PageDescriptor"},"__typename":"PageRes
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"ForumReplyPage","type":"FORUM_REPLY","urlPath":"/discussions/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageD
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"PrivacyPolicyPage","type":"COMMUNITY","urlPath":"/privacypolicy","__typename":"PageDescriptor"},"__typename":"PageResource"},
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 7 of 40

{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"NotificationPage","type":"COMMUNITY","urlPath":"/notifications","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"UserPage","type":"USER","urlPath":"/users/:login/:userId","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"HealthCheckPage","type":"COMMUNITY","urlPath":"/health","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"OccasionReplyPage","type":"OCCASION_REPLY","urlPath":"/event/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"P
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"ManageMembersPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/manage/:tab?","__typename":"PageDescriptor"},"__typename":"P
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"SearchResultsPage","type":"COMMUNITY","urlPath":"/search","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"BlogReplyPage","type":"BLOG_REPLY","urlPath":"/blog/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"GroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"TermsOfServicePage","type":"COMMUNITY","urlPath":"/termsofservice","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"CategoryPage","type":"CATEGORY","urlPath":"/category/:categoryId","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"ForumViewAllTopicsPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/all-topics/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"TkbPostPage","type":"TKB","urlPath":"/category/:categoryId/kbs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource
{"lastUpdatedTime":1775111737649,"localOverride":null,"page":
{"id":"GroupHubPostPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/:boardId/create","__typename":"PageDescriptor"},"__typename":"Pa
components/context/AppContext/AppContextProvider-0":{"__typename":"CachedAsset","id":"text:en_US-components/context/AppContext/AppContextProvider-0","value":{"noCommunity":"Cannot find
community","noUser":"Cannot find current user","noNode":"Cannot find node with id {nodeId}","noMessage":"Cannot
find message with id {messageId}","userBanned":"We're sorry, but you have been banned from using this
site.","userBannedReason":"You have been banned for the following reason:
{reason}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-0":
{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-0","value":
{"title":"Loading..."},"localOverride":false},"Rank:rank:25":
{"__typename":"Rank","id":"rank:25","position":3,"name":"Former
Employee","color":"333333","icon":null,"rankStyle":"TEXT"},"User:user:408331":
{"__typename":"User","id":"user:408331","uid":408331,"login":"TanTran","deleted":false,"avatar":
{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/dS00MDgzMzEtMjA5NTU5aTEwNDJDOUQxMTdB
{"__ref":"Rank:rank:25"},"email":"","messagesCount":67,"biography":null,"topicsCount":26,"kudosReceivedCount":109,"kudosGivenCount":84,"kudos
{"__typename":"RegistrationData","status":null,"registrationTime":"2019-09-12T23:20:22.681-
07:00","confirmEmailStatus":null},"followersCount":null,"solutionsCount":0},"Category:category:cis":
{"__typename":"Category","id":"category:cis","entityType":"CATEGORY","displayId":"cis","nodeType":"category","depth":4,"title":"Core
Infrastructure and Security","shortTitle":"Core Infrastructure and Security","parent":{"__ref":"Category:category:microsoft-security"}},"Category:category:top":
{"__typename":"Category","id":"category:top","entityType":"CATEGORY","displayId":"top","nodeType":"category","depth":0,"title":"Top","shortTitle"
{"__typename":"Category","id":"category:communities","entityType":"CATEGORY","displayId":"communities","nodeType":"category","depth":1,"paren
{"__ref":"Category:category:top"},"title":"Communities","shortTitle":"Communities"},"Category:category:products-services":{"__typename":"Category","id":"category:products-services","entityType":"CATEGORY","displayId":"products-services","nodeType":"category","depth":2,"parent":
{"__ref":"Category:category:communities"},"title":"Products","shortTitle":"Products"},"Category:category:microsoft-security":{"__typename":"Category","id":"category:microsoft-security","entityType":"CATEGORY","displayId":"microsoft-security","nodeType":"category","depth":3,"parent":
{"__ref":"Category:category:products-services"},"title":"Microsoft Security","shortTitle":"Microsoft
Security","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Blog:board:CoreInfrastructureandSecurityBlog":
{"__typename":"Blog","id":"board:CoreInfrastructureandSecurityBlog","entityType":"BLOG","displayId":"CoreInfrastructureandSecurityBlog","nodeTy
{"__typename":"RepliesProperties","sortOrder":"REVERSE_PUBLISH_TIME","repliesFormat":"threaded"},"tagProperties":
{"__typename":"TagNodeProperties","tagsEnabled":
{"__typename":"PolicyResult","failureReason":null}},"requireTags":true,"tagType":"FREEFORM_ONLY","description":"","title":"Core
Infrastructure and Security Blog","shortTitle":"Core Infrastructure and Security Blog","parent":
{"__ref":"Category:category:cis"},"ancestors":{"__typename":"CoreNodeConnection","edges":
[{"__typename":"CoreNodeEdge","node":{"__ref":"Community:community:gxcuf89792"}},
{"__typename":"CoreNodeEdge","node":{"__ref":"Category:category:communities"}},
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 8 of 40

{"__typename":"CoreNodeEdge","node":{"__ref":"Category:category:products-services"}},
{"__typename":"CoreNodeEdge","node":{"__ref":"Category:category:microsoft-security"}},
{"__typename":"CoreNodeEdge","node":{"__ref":"Category:category:cis"}}]},"userContext":
{"__typename":"NodeUserContext","canAddAttachments":false,"canUpdateNode":false,"canPostMessages":false,"isSubscribed":false},"theme":
{"__ref":"Theme:customTheme1"},"boardPolicies":{"__typename":"BoardPolicies","canViewSpamDashBoard":
{"__typename":"PolicyResult","failureReason":
{"__typename":"FailureReason","message":"error.lithium.policies.feature.moderation_spam.action.access_spam_quarantine.allowed.accessDenied","key"
[]}},"canArchiveMessage":{"__typename":"PolicyResult","failureReason":
{"__typename":"FailureReason","message":"error.lithium.policies.content_archivals.enable_content_archival_settings.accessDenied","key":"error.lithium
[]}},"canPublishArticleOnCreate":{"__typename":"PolicyResult","failureReason":
{"__typename":"FailureReason","message":"error.lithium.policies.forums.policy_can_publish_on_create_workflow_action.accessDenied","key":"error.lit
[]}}},"linkProperties":
{"__typename":"LinkProperties","isExternalLinkWarningEnabled":false}},"BlogTopicMessage:message:1928947":
{"__typename":"BlogTopicMessage","uid":1928947,"subject":"Demystifying Ransomware Attacks Against Microsoft
Defender
Solution","id":"message:1928947","entityType":"BLOG_ARTICLE","eventPath":"category:cis/category:microsoft-security/category:products-services/category:communities/community:gxcuf89792board:CoreInfrastructureandSecurityBlog/message:1928947","revisionNum":40,"repliesCount":8,
{"__ref":"User:user:408331"},"depth":0,"hasGivenKudo":false,"board":
{"__ref":"Blog:board:CoreInfrastructureandSecurityBlog"},"conversation":
{"__ref":"Conversation:conversation:1928947"},"messagePolicies":
{"__typename":"MessagePolicies","canPublishArticleOnEdit":{"__typename":"PolicyResult","failureReason":
{"__typename":"FailureReason","message":"error.lithium.policies.forums.policy_can_publish_on_edit_workflow_action.accessDenied","key":"error.lithi
[]}},"canModerateSpamMessage":{"__typename":"PolicyResult","failureReason":
{"__typename":"FailureReason","message":"error.lithium.policies.feature.moderation_spam.action.moderate_entity.allowed.accessDenied","key":"error.li
[]}},"canReply":{"__typename":"PolicyResult","failureReason":
{"__typename":"FailureReason","message":"error.lithium.policies.forums.action.message.reply_to_entity.allow.accessDenied","key":"error.lithium.polici
[]}},"canAcceptSolution":{"__typename":"PolicyResult","failureReason":
{"__typename":"FailureReason","message":"error.lithium.policies.accepted_solutions.action_allow.message.mark_as_accepted_solution.accessDenied","k
[]}},"canRejectSolution":{"__typename":"PolicyResult","failureReason":
{"__typename":"FailureReason","message":"error.lithium.policies.accepted_solutions.action_allow.message.unmark_as_accepted_solution.accessDenied"
[]}},"canTag":{"__typename":"PolicyResult","failureReason":
{"__typename":"FailureReason","message":"error.lithium.policies.labels.action.labelableentity.set_labels.allow.accessDenied","key":"error.lithium.policie
[]}},"canEdit":{"__typename":"PolicyResult","failureReason":
{"__typename":"FailureReason","message":"error.lithium.policies.forums.action_allow.edit_message.accessDenied","key":"error.lithium.policies.forums.
[]}},"canKudo":{"__typename":"PolicyResult","failureReason":
{"__typename":"FailureReason","message":"error.lithium.policies.kudos.action.entity.give_kudos.allow.accessDenied","key":"error.lithium.policies.kudo
[]}}},"contentWorkflow":
{"__typename":"ContentWorkflow","state":"PUBLISH","scheduledPublishTime":null,"scheduledTimezone":null,"userContext":
{"__typename":"MessageWorkflowContext","canSubmitForReview":null,"canEdit":false,"canRecall":null,"canSubmitForPublication":null,"canReturnTo
{"__ref":"ModerationData:moderation_data:1928947"},"teaser":"
Examining how well the MD for Endpoint and Identity acted against ransomware attack. The proactive way to eliminate
ransomware attack surface. Reviewing the Industry's standard, AV Lab tests, bi-monthly results
","body":"\n
Hi IT Pros,
\n
As you have known it, Ransomware is in the aggravated assault mode at this time of year 2020, the joint cybersecurity
advisory comes from the Cybersecurity Infrastructure and Security Agency (CISA), the Federal Bureau of Investigation
(FBI), and the Department of Health and Human Services (HHS) have just given a serious warning about Ransomware
Threat as shown in the following announcement:
\n\n\n\n
Debut in August of 2018, the Ransomware Ryuk gained shocking attention in 2019, Ryuk gangs demanded multi-million-dollar ransoms from victims, among them are companies, hospitals, and local governments. The actors are able to pocket
over $61 million just in the US alone, according to FBI's report.
\n
Check Point, a security software vendor also noted that the gang was attacking on an average of 20 companies every week in
the third quarter of 2020.
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 9 of 40

\n
Sean Gallagher from Sophos Lab, gave us the story about a typical Ryuk and Conti Ransomeware attack.
\n
\n
The attack began on the afternoon of Tuesday. September 22,2020 when multiple employees of the targeted company
had received highly targeted phishing emails.
\n
The email was tagged with external sender warnings by the company’s mail software. The link, served up through the
mail delivery service Sendgrid, redirected to a malicious document hosted on docs.google.com.
\n
\n
Multiple instances of the malicious attachment were detected and blocked. But there was one employee who clicked on the
link in the email that afternoon, allowing the outlook mail to  execute \"print_document.exe\", a malicious executable file
identified as Buer Loader.
\n
\n
The Buer Loader malware dropped qoipozincyusury.exe, a Cobalt Strike “beacon,” along with other malware files.
\n
Cobalt Strike’s beacon makes a covert connection to the command and control of hackers.
\n
\n
By Wednesday morning the actors had obtained administrative credentials and had connected to the Domain Controller
Server, where they performed a data dump of Active Directory records.
\n
Data dump to an Admin User directory was most likely accomplished using \"SharpHound\".
\n
SharpHound is the official data collector for BloodHound. It is written in C# and uses native Windows API functions and
LDAP namespace functions to collect data from domain controllers
\n\n
\n
Ransomware attack is now ready to remotely deploy to other servers using WMI, Powershell and Remote Desktop
RDP
\n
\n
\n
Next, the \"SystemBC\", a malicious proxy was deployed on the domain controller. SystemBC is a SOCKS5 proxy
used to conceal malware traffic that shares code and forensic markers with other malware from the Trickbot family. 
\n
The malware installed itself (as itvs.exe), and created a scheduled job for the malware, using the old Windows task
scheduler format in a file named itvs.job—in order to maintain persistence.
\n
\n\n
\n
The organizational backup server was among the first target. The attackers used the icacls command to modify access
control, giving them full control of all the system folders on the server. GMER is frequently used by ransomware
actors to find and shut down hidden processes, and to shut down antivirus software protecting the server.
\n
\n
Ryuk ransomware was redeployed and re-launched three more times in short order after each failed attempt, no files were
encrypted.
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 10 of 40

\n\n
Lesson Learn
\n
\n
 The actor could repeat the attack multiple times with different variants of Ryuk, the attack period could be prolonged
for days or weeks with multiple backdoors been used.
\n
Response time is critical to prevent damage from further steps down the path of attacking sequence, from
reconnaissance, credential compromise to later movement, domain dominance and exfiltration, data encryption, data
deletion.
\n
Team effort should be fully utilized during the attacking period.
\n
If more resources are needed, Security Team could consult with online security support experts ASAP to form an
united front against hackers .
\n
We need to stop the attack at the Cobalt Strike Beacon level (step 2 in the above Chart) when compromised system
starts connecting to outside command and control center of actor.
\n
The attack also shows that Remote Desktop Protocol can be dangerous even when it is inside the firewall.
\n
Proactive prevention with ASR rules for Office documents' macros could be an important factor to avoid the
ransomware attack right at step 0, by giving no attack opportunity . We should consider it as one good and needed
option to prevent ransomware attack. (see Attack Surface Reduction - ASR)
\n
\n\n
You may be worried and wonder how good the MD for Endpoint and MD for Identity could protect your systems from
ransomware.
\n
Well, let us bring MD to the test. The most trusted industry test could be AV-Test from the Independent IT-Security Institute
in Magdeburg of Germany, who has been known as the owner of the largest malware database in the world, it has counted a
total of 1121.95 millions of malware to date (11/27/2020). Every day, the AV-TEST Institute registers over 350,000 new
malicious programs (malware) and potentially unwanted applications (PUA).
\n
\n
For Windows Systems Antivirus Products.  AV-Test conduct monthly tests against widespread and prevalent malware
discovered in the last 4 weeks, for example, the test-set of August 2020 included 21,851 (virus) samples, the test-set
of October 2020 included 12316 (virus) samples. AV-TEST creates identical and reproducible conditions for all the
antivirus products from all big AV vendors who join the test program.
\n
MD for Endpoint continue getting AV-TEST top score monthly It scored 100% compared to the Industry average at
97.6% protection level against 339 different samples of \" 0 day\" malware type, the \"unknown yet and newly
appeared in the field\" malware type, tested for the month of May and June, 2020.
\n
\n
\n
Microsoft Defender for Endpoint scored 100% compared to the Industry average at 98.8% protection level against
334 different samples of \" 0 day\" malware type, tested in September and October 2020, as shown in the following
image.
\n
\n\n
\n
The test result table for all products based on protection, performance, usability scores is shown here, value of 6 is
the highest score:
\n
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 11 of 40

\n\n\n\n
Test antivirus software for Windows 10 - October 2020 | AV-TEST (av-test.org)
\n\n
In its Security Report for 2019, AV-Test Lab gave the following conclusion:
\n
… the embedded Windows defense systems proved to be reliable protection against automated mass malware. In the regular
certification tests over the past year (2018), Microsoft‘s consumer product, “Microsoft Defender Antivirus“ garnered the AV-TEST rating as “Top Product“ five out of six times. Which among other things was due to the reliable detection and
defensive performance against widely distributed and frequently occurring malware. The business solution from Microsoft
exhibited even better test results in 2019 and was even able to defend the title of “Top Product“ in six out of six annual
tests.
\n
Microsoft Defender for Endpoint Simulation Attack
\n
Now, let us conduct our own test using the MD for Endpoint - Evaluation Lab feature:
\n
\n
we will create at least 3 test devices run windows 10 and windows server 2019 as shown here:            
\n
\n\n
\n
We run the \" known ransomware infection\" simulation by Safe breach for testmachine1
\n
You may also want to run different attack simulations provided by Safebreach and AttackIQ for different devices
\n
\n\n\n
with \" known ransomware infection\" attack simulation , the following ransomware names are detected and alerted on test
machine1:
\n\n\n
Click on WannaCrypt ransomware to show the details about malicious file named Llac.exe and how long it stayed before
being quarantined (3 minutes and 15 seconds):
\n\n\n
Click on Petya ransomware to show detail of malicious file named bdata.bin, it was existed within only 5 seconds and been
quarantined:
\n\n
The ransomware attack overview and its entities are shown in the incident named “Multi-stage incident involving Initial
access & Discovery including Ransomware on multiple Endpoints” tree graph,
\n
\n
The Wanacry Ransomware file, llac.exe was blocked at source on testmachine1 with a total of 6 failed attempts.
\n
The Wanacry Ransomware file, llac.exe was blocked at source on testserver3.
\n
\n\n
\n
The Petya ransomware file, bdata.bin had been laterally spread out to testserver2 before it was stopped.
\n
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 12 of 40

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
\n\n
Ransomware Action
\n\n
\n
MD for Endpoint and MD for Identity Alert
\n
\n
Malicious services were created on remote servers
using the same admin credentials, using WMI
Event to drop command payload.
\n
\n
MD for Endpoint Alert: WMI suspicious Event
\n\n
\n
PowerShell is used to download more malicious
payloads.
\n\n
\n
MD for Endpoint Alert
\n\n
\n
Credential theft activity
\n
\n
MD for Identity Alert about overpass the hash attack:
\n\n\n
\n
Impersonate action on privilege account and
privilege group membership by PowerShell script.
\n
\n
Alert by MD for Identity and displayed in Cloud App Security
Portal:
\n\n
\n
Keyboard hijack activity
\n
\n
Alert by Defender for Endpoint:
\n\n
\n
Fileless attacks with memory payload.
\n
\n
These activities could be detected by AMSI, Microsoft’s Anti-Malware Scanning Interface, when it inspects the in-memory
process. MD for Endpoint raised the alert, details as follow:
\n\n\n
\n
Mimikatz was used as a credential theft tool, It
was detected and blocked from installation.
\n
Mimikatz files were quarantined.
\n
\n
Alert by MD for Endpoint
\n\n\n
\n
Backdoor activity detected
\n
\n
Alerted by MD for Endpoint:
\n\n
\n
Ransomware Payload and encryption activities are
prevented beforehand.
\n
\n
There is no domain dominant - alert event.
\n
There is no encryption - alert event.
\n
\n\n
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 13 of 40

Ryuk Ransomware Prevention and Protection strategy provided by MD for Endpoint - Threat Analytics.
\n
Microsoft Defender for Endpoint Analytics proposed an analyst report and mitigation (plan) against the Ryuk ransomware.
Each of the attack step in Ryuk’s killing chain is mapped to the protection measures which include Antivirus-EDR (MD for
Endpoint), Azure ATP (MD for Identity), Multi Factors Authentication MFA, Attack Surface Reduction rules for Office
Macro, Windows Host Firewall, and Tamper Protection Security Policy.
\n
The detail of Ryuk attack based on MITRE ATT&CK process is shown in the following image, each Ransomware action
step of the attack sequence was mapped to one or multiple counter attack measure:
\n\n
Mitigations provided by MD for Endpoint - Threat Analytics
\n
\n
1. Apply these mitigations to reduce the impact of this threat:
\n
\n
\n
Utilize the Microsoft Defender Firewall and your network firewall to prevent RPC and SMB communication among
endpoints whenever possible. This limits lateral movement as well as other attack activities.
\n
Turn on tamper protection features to prevent attackers from stopping security services.
\n
Enforce strong, randomized local administrator passwords. Use tools like LAPS.
\n
Monitor for clearing of event logs. Windows generates a security event ID 1102 when this occurs.
\n
Ensure internet-facing assets have the latest security updates. Audit these assets regularly for suspicious activity.
\n
Determine where highly privileged accounts are logging on and exposing credentials. Monitor and investigate logon
events (event ID 4624) for logon type attributes. Highly privileged accounts should not be present on workstations.
\n
Turn on cloud-delivered protection and automatic sample submission on Microsoft Defender Antivirus. These
capabilities use artificial intelligence and machine learning to quickly identify and stop new and unknown threats.
\n
Turn on attack surface reduction rules, including rules that block credential theft, ransomware activity, and suspicious
use of PsExec and WMI.
\n
\n
\n
1. Check the recommendations card for the deployment status of monitored mitigations in “Threat & Vulnerability
Management” under “Remediation”.
\n
\n\n
If Security Administrators enable EDR and all features of Defender, setup alert notification and completely finish all of the
Defender Endpoint and Defender Identity’s remediation plans against each ransomware and malware, then, I guess, our
colleagues may have a much better sleep at night, knowing that their systems are safe and well protected from ransomware
and other malware threats.
\n
To get it upto the \"100%\"  level of protection, your defender strategy should always include Windows 10 Defender Guard
(Application Guard, Credential Guard, Exploit Guard with Attack Surface Reduction rules, System Guard, …) together with
MD for Endpoint, to be deployed on workstations and servers and MD for Identity applied to all domain controllers, it is
part of the defense strategy and included in M365 E5 license. You may want to check the blog articles related to Microsoft
Defender for Identity setup and operation.
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 14 of 40

\n\n
I hope the info is useful,
\n
Have a valuable time with your Defender!
\n\n\n
___________________________________
\n
Reference:
\n
\n
 Sophos Lab inside a new Ryuk ransomware attack
\n
 Splunk three key ways to get started combating ransomware
\n
 AV-Test Antivirus for business windows client
\n
 Microsoft Defender for Identity Playbook Lab Overview
\n
 Microsoft Defender for Identity working with suspicious activities
\n
 Microsoft Threat Protection leads real-world detection in MITRE ATT&CK evaluation
\n
Malware Lateral Movement Alert
\n
\n","body@stringLength":"29959","rawBody":"\n
Hi IT Pros,
\n
As you have known it, Ransomware is in the aggravated assault mode at this time of year 2020, the joint cybersecurity
advisory comes from the Cybersecurity Infrastructure and Security Agency (CISA), the Federal Bureau of Investigation
(FBI), and the Department of Health and Human Services (HHS) have just given a serious warning about Ransomware
Threat as shown in the following announcement:
\n\n\n\n
Debut in August of 2018, the Ransomware Ryuk gained shocking attention in 2019, Ryuk gangs demanded multi-million-dollar ransoms from victims, among them are companies, hospitals, and local governments. The actors are able to pocket
over $61 million just in the US alone, according to FBI's report.
\n
Check Point, a security software vendor also noted that the gang was attacking on an average of 20 companies every week in
the third quarter of 2020.
\n
Sean Gallagher from Sophos Lab, gave us the story about a typical Ryuk and Conti Ransomeware attack.
\n
\n
The attack began on the afternoon of Tuesday. September 22,2020 when multiple employees of the targeted company
had received highly targeted phishing emails.
\n
The email was tagged with external sender warnings by the company’s mail software. The link, served up through the
mail delivery service Sendgrid, redirected to a malicious document hosted on docs.google.com.
\n
\n
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 15 of 40

Multiple instances of the malicious attachment were detected and blocked. But there was one employee who clicked on the
link in the email that afternoon, allowing the outlook mail to  execute \"print_document.exe\", a malicious executable file
identified as Buer Loader.
\n
\n
The Buer Loader malware dropped qoipozincyusury.exe, a Cobalt Strike “beacon,” along with other malware files.
\n
Cobalt Strike’s beacon makes a covert connection to the command and control of hackers.
\n
\n
By Wednesday morning the actors had obtained administrative credentials and had connected to the Domain Controller
Server, where they performed a data dump of Active Directory records.
\n
Data dump to an Admin User directory was most likely accomplished using \"SharpHound\".
\n
SharpHound is the official data collector for BloodHound. It is written in C# and uses native Windows API functions and
LDAP namespace functions to collect data from domain controllers
\n\n
\n
Ransomware attack is now ready to remotely deploy to other servers using WMI, Powershell and Remote Desktop
RDP
\n
\n
\n
Next, the \"SystemBC\", a malicious proxy was deployed on the domain controller. SystemBC is a SOCKS5 proxy
used to conceal malware traffic that shares code and forensic markers with other malware from the Trickbot family. 
\n
The malware installed itself (as itvs.exe), and created a scheduled job for the malware, using the old Windows task
scheduler format in a file named itvs.job—in order to maintain persistence.
\n
\n\n
\n
The organizational backup server was among the first target. The attackers used the icacls command to modify access
control, giving them full control of all the system folders on the server. GMER is frequently used by ransomware
actors to find and shut down hidden processes, and to shut down antivirus software protecting the server.
\n
\n
Ryuk ransomware was redeployed and re-launched three more times in short order after each failed attempt, no files were
encrypted.
\n\n
Lesson Learn
\n
\n
 The actor could repeat the attack multiple times with different variants of Ryuk, the attack period could be prolonged
for days or weeks with multiple backdoors been used.
\n
Response time is critical to prevent damage from further steps down the path of attacking sequence, from
reconnaissance, credential compromise to later movement, domain dominance and exfiltration, data encryption, data
deletion.
\n
Team effort should be fully utilized during the attacking period.
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 16 of 40

\n
If more resources are needed, Security Team could consult with online security support experts ASAP to form an
united front against hackers .
\n
We need to stop the attack at the Cobalt Strike Beacon level (step 2 in the above Chart) when compromised system
starts connecting to outside command and control center of actor.
\n
The attack also shows that Remote Desktop Protocol can be dangerous even when it is inside the firewall.
\n
Proactive prevention with ASR rules for Office documents' macros could be an important factor to avoid the
ransomware attack right at step 0, by giving no attack opportunity . We should consider it as one good and needed
option to prevent ransomware attack. (see Attack Surface Reduction - ASR)
\n
\n
How good is Microsoft Defender for Endpoint and Identity against ransomware attack? 
\n
You may be worried and wonder how good the MD for Endpoint and MD for Identity could protect your systems from
ransomware.
\n
Well, let us bring MD to the test. The most trusted industry test could be AV-Test from the Independent IT-Security Institute
in Magdeburg of Germany, who has been known as the owner of the largest malware database in the world, it has counted a
total of 1121.95 millions of malware to date (11/27/2020). Every day, the AV-TEST Institute registers over 350,000 new
malicious programs (malware) and potentially unwanted applications (PUA).
\n
\n
For Windows Systems Antivirus Products.  AV-Test conduct monthly tests against widespread and prevalent malware
discovered in the last 4 weeks, for example, the test-set of August 2020 included 21,851 (virus) samples, the test-set
of October 2020 included 12316 (virus) samples. AV-TEST creates identical and reproducible conditions for all the
antivirus products from all big AV vendors who join the test program.
\n
MD for Endpoint continue getting AV-TEST top score monthly It scored 100% compared to the Industry average at
97.6% protection level against 339 different samples of \" 0 day\" malware type, the \"unknown yet and newly
appeared in the field\" malware type, tested for the month of May and June, 2020.
\n
\n
\n
Microsoft Defender for Endpoint scored 100% compared to the Industry average at 98.8% protection level against
334 different samples of \" 0 day\" malware type, tested in September and October 2020, as shown in the following
image.
\n
\n\n
\n
The test result table for all products based on protection, performance, usability scores is shown here, value of 6 is
the highest score:
\n
\n\n\n\n
Test antivirus software for Windows 10 - October 2020 | AV-TEST (av-test.org)
\n\n
In its Security Report for 2019, AV-Test Lab gave the following conclusion:
\n
… the embedded Windows defense systems proved to be reliable protection against automated mass malware. In the regular
certification tests over the past year (2018), Microsoft‘s consumer product, “Microsoft Defender Antivirus“ garnered the AV-https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 17 of 40

TEST rating as “Top Product“ five out of six times. Which among other things was due to the reliable detection and
defensive performance against widely distributed and frequently occurring malware. The business solution from Microsoft
exhibited even better test results in 2019 and was even able to defend the title of “Top Product“ in six out of six annual
tests.
\n
Microsoft Defender for Endpoint Simulation Attack
\n
Now, let us conduct our own test using the MD for Endpoint - Evaluation Lab feature:
\n
\n
we will create at least 3 test devices run windows 10 and windows server 2019 as shown here:            
\n
\n\n
\n
We run the \" known ransomware infection\" simulation by Safe breach for testmachine1
\n
You may also want to run different attack simulations provided by Safebreach and AttackIQ for different devices
\n
\n\n\n
with \" known ransomware infection\" attack simulation , the following ransomware names are detected and alerted on test
machine1:
\n\n\n
Click on WannaCrypt ransomware to show the details about malicious file named Llac.exe and how long it stayed before
being quarantined (3 minutes and 15 seconds):
\n\n\n
Click on Petya ransomware to show detail of malicious file named bdata.bin, it was existed within only 5 seconds and been
quarantined:
\n\n
The ransomware attack overview and its entities are shown in the incident named “Multi-stage incident involving Initial
access & Discovery including Ransomware on multiple Endpoints” tree graph,
\n
\n
The Wanacry Ransomware file, llac.exe was blocked at source on testmachine1 with a total of 6 failed attempts.
\n
The Wanacry Ransomware file, llac.exe was blocked at source on testserver3.
\n
\n\n
\n
The Petya ransomware file, bdata.bin had been laterally spread out to testserver2 before it was stopped.
\n
\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
\n\n
Ransomware Action
\n\n
\n
MD for Endpoint and MD for Identity Alert
\n
\n
Malicious services were created on remote servers
using the same admin credentials, using WMI
Event to drop command payload.
\n
MD for Endpoint Alert: WMI suspicious Event
\n\n
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 18 of 40

\n
\n
PowerShell is used to download more malicious
payloads.
\n\n
\n
MD for Endpoint Alert
\n\n
\n
Credential theft activity
\n
\n
MD for Identity Alert about overpass the hash attack:
\n\n\n
\n
Impersonate action on privilege account and
privilege group membership by PowerShell script.
\n
\n
Alert by MD for Identity and displayed in Cloud App Security
Portal:
\n\n
\n
Keyboard hijack activity
\n
\n
Alert by Defender for Endpoint:
\n\n
\n
Fileless attacks with memory payload.
\n
\n
These activities could be detected by AMSI, Microsoft’s Anti-Malware Scanning Interface, when it inspects the in-memory
process. MD for Endpoint raised the alert, details as follow:
\n\n\n
\n
Mimikatz was used as a credential theft tool, It
was detected and blocked from installation.
\n
Mimikatz files were quarantined.
\n
\n
Alert by MD for Endpoint
\n\n\n
\n
Backdoor activity detected
\n
\n
Alerted by MD for Endpoint:
\n\n
\n
Ransomware Payload and encryption activities are
prevented beforehand.
\n
\n
There is no domain dominant - alert event.
\n
There is no encryption - alert event.
\n
\n\n
 Ryuk Ransomware Prevention and Protection strategy provided by MD for Endpoint - Threat Analytics.
\n
Microsoft Defender for Endpoint Analytics proposed an analyst report and mitigation (plan) against the Ryuk ransomware.
Each of the attack step in Ryuk’s killing chain is mapped to the protection measures which include Antivirus-EDR (MD for
Endpoint), Azure ATP (MD for Identity), Multi Factors Authentication MFA, Attack Surface Reduction rules for Office
Macro, Windows Host Firewall, and Tamper Protection Security Policy.
\n
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 19 of 40

The detail of Ryuk attack based on MITRE ATT&CK process is shown in the following image, each Ransomware action
step of the attack sequence was mapped to one or multiple counter attack measure:
\n\n
Mitigations provided by MD for Endpoint - Threat Analytics
\n
\n
1. Apply these mitigations to reduce the impact of this threat:
\n
\n
\n
Utilize the Microsoft Defender Firewall and your network firewall to prevent RPC and SMB communication among
endpoints whenever possible. This limits lateral movement as well as other attack activities.
\n
Turn on tamper protection features to prevent attackers from stopping security services.
\n
Enforce strong, randomized local administrator passwords. Use tools like LAPS.
\n
Monitor for clearing of event logs. Windows generates a security event ID 1102 when this occurs.
\n
Ensure internet-facing assets have the latest security updates. Audit these assets regularly for suspicious activity.
\n
Determine where highly privileged accounts are logging on and exposing credentials. Monitor and investigate logon
events (event ID 4624) for logon type attributes. Highly privileged accounts should not be present on workstations.
\n
Turn on cloud-delivered protection and automatic sample submission on Microsoft Defender Antivirus. These
capabilities use artificial intelligence and machine learning to quickly identify and stop new and unknown threats.
\n
Turn on attack surface reduction rules, including rules that block credential theft, ransomware activity, and suspicious
use of PsExec and WMI.
\n
\n
\n
1. Check the recommendations card for the deployment status of monitored mitigations in “Threat & Vulnerability
Management” under “Remediation”.
\n
\n\n
If Security Administrators enable EDR and all features of Defender, setup alert notification and completely finish all of the
Defender Endpoint and Defender Identity’s remediation plans against each ransomware and malware, then, I guess, our
colleagues may have a much better sleep at night, knowing that their systems are safe and well protected from ransomware
and other malware threats.
\n
To get it upto the \"100%\"  level of protection, your defender strategy should always include Windows 10 Defender Guard
(Application Guard, Credential Guard, Exploit Guard with Attack Surface Reduction rules, System Guard, …) together with
MD for Endpoint, to be deployed on workstations and servers and MD for Identity applied to all domain controllers, it is
part of the defense strategy and included in M365 E5 license. You may want to check the blog articles related to Microsoft
Defender for Identity setup and operation.
\n\n
I hope the info is useful,
\n
Have a valuable time with your Defender!
\n\n\n
___________________________________
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 20 of 40

\n
Reference:
\n
\n
 Sophos Lab inside a new Ryuk ransomware attack
\n
 Splunk three key ways to get started combating ransomware
\n
 AV-Test Antivirus for business windows client
\n
 Microsoft Defender for Identity Playbook Lab Overview
\n
 Microsoft Defender for Identity working with suspicious activities
\n
 Microsoft Threat Protection leads real-world detection in MITRE ATT&CK evaluation
\n
Malware Lateral Movement Alert
\n
\n","kudosSumWeight":8,"postTime":"2020-11-24T21:05:08.896-08:00","images":
{"__typename":"AssociatedImageConnection","edges":
[{"__typename":"AssociatedImageEdge","cursor":"MjYuMXwyLjF8b3wyNXxfTlZffDE","node":
{"__ref":"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTkxOGkzNzkwNEJFOUNFODAzOTY2?
revision=40\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjYuMXwyLjF8b3wyNXxfTlZffDI","node":
{"__ref":"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg1MGkyRjUxMkUzRjQ1NDU0NjQx?
revision=40\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjYuMXwyLjF8b3wyNXxfTlZffDM","node":
{"__ref":"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg0OWkzNzJGMDJDMjY2Q0ZDRkFB?
revision=40\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjYuMXwyLjF8b3wyNXxfTlZffDQ","node":
{"__ref":"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg0OGk1N0UwQzREN0IzNjVENjgw?
revision=40\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjYuMXwyLjF8b3wyNXxfTlZffDU","node":
{"__ref":"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNjM0MGlCMDMyQkRDRkM0ODg1RUQ4?
revision=40\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjYuMXwyLjF8b3wyNXxfTlZffDY","node":
{"__ref":"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNjMzOWk2RDExMUEwOEE0NEUwNTY0?
revision=40\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjYuMXwyLjF8b3wyNXxfTlZffDc","node":
{"__ref":"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTkwN2lDREJBREQ3NjIwQzM5NEZE?
revision=40\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjYuMXwyLjF8b3wyNXxfTlZffDg","node":
{"__ref":"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTkwOWlEMEZENkIzRTg0MTE1RDMx?
revision=40\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjYuMXwyLjF8b3wyNXxfTlZffDk","node":
{"__ref":"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg3N2kyQjg3M0ExNkYyRTQxMEJC?
revision=40\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjYuMXwyLjF8b3wyNXxfTlZffDEw","node":
{"__ref":"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg3OGk2QzIxQTEzRjBCNEZGMjI0?
revision=40\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjYuMXwyLjF8b3wyNXxfTlZffDEx","node":
{"__ref":"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg3OWk4NDc1ODMyNkFCQjg2M0I4?
revision=40\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjYuMXwyLjF8b3wyNXxfTlZffDEy","node":
{"__ref":"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg4MWk4MEI2OUZBOUQ0MENFMzMx?
revision=40\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjYuMXwyLjF8b3wyNXxfTlZffDEz","node":
{"__ref":"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg4Mmk5NkQyNTMzRUZFNjY4QjQx?
revision=40\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjYuMXwyLjF8b3wyNXxfTlZffDE0","node":
{"__ref":"AssociatedImage:
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 21 of 40

{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg4NGlERkRDREM5RDA1NkIwNEE5?
revision=40\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjYuMXwyLjF8b3wyNXxfTlZffDE1","node":
{"__ref":"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNjAyMWkyNzQyOUFBNjY0MEU4RkYy?
revision=40\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjYuMXwyLjF8b3wyNXxfTlZffDE2","node":
{"__ref":"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg4NmlCQTdCMjU0M0JEQzQzMEVC?
revision=40\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjYuMXwyLjF8b3wyNXxfTlZffDE3","node":
{"__ref":"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg4OGk3OTlGNDYzMUU4RTg4NzY1?
revision=40\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjYuMXwyLjF8b3wyNXxfTlZffDE4","node":
{"__ref":"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg4OWlBRkQ4RTJFNUNERDI1RTRF?
revision=40\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjYuMXwyLjF8b3wyNXxfTlZffDE5","node":
{"__ref":"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg5MWkwQzJEQjA3QjdFQUY2NTNB?
revision=40\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjYuMXwyLjF8b3wyNXxfTlZffDIw","node":
{"__ref":"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg5MmkzMjlGMTIyREJBQzZBRkM0?
revision=40\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjYuMXwyLjF8b3wyNXxfTlZffDIx","node":
{"__ref":"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg5M2lFNTM0REREMDQ1RjFDRDQ2?
revision=40\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjYuMXwyLjF8b3wyNXxfTlZffDIy","node":
{"__ref":"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg5NWlEQUNGNzRCREE5RDc3OTQ3?
revision=40\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjYuMXwyLjF8b3wyNXxfTlZffDIz","node":
{"__ref":"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTkxOWlDRjVFMTVGMjlCNDVEODky?
revision=40\"}"}},{"__typename":"AssociatedImageEdge","cursor":"MjYuMXwyLjF8b3wyNXxfTlZffDI0","node":
{"__ref":"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTkxMmk1RDc4MDY1QTgwMzVBQTNC?
revision=40\"}"}}],"totalCount":24,"pageInfo":
{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"attachments":
{"__typename":"AttachmentConnection","pageInfo":
{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":
[]},"tags":{"__typename":"TagConnection","pageInfo":
{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null},"edges":
[{"__typename":"TagEdge","cursor":"MjYuMXwyLjF8b3wxMHxfTlZffDE","node":
{"__typename":"Tag","id":"tag:TanTran","text":"TanTran","time":"2020-08-01T07:36:04.840-
07:00","lastActivityTime":null,"messagesCount":null,"followersCount":null}}]},"timeToRead":8,"rawTeaser":"
Examining how well the MD for Endpoint and Identity acted against ransomware attack. The proactive way to eliminate
ransomware attack surface. Reviewing the Industry's standard, AV Lab tests, bi-monthly results
","introduction":"","coverImage":null,"coverImageProperties":
{"__typename":"CoverImageProperties","style":"STANDARD","titlePosition":"BOTTOM","altText":""},"currentRevision":
{"__ref":"Revision:revision:1928947_40"},"latestVersion":
{"__typename":"FriendlyVersion","major":"27","minor":"0"},"metrics":
{"__typename":"MessageMetrics","views":22471},"read":false,"visibilityScope":"PUBLIC","canonicalUrl":null,"seoTitle":null,"seoDescription":null,"pl
{"__typename":"UserConnection","edges":[]},"nonCoAuthorContributors":{"__typename":"UserConnection","edges":
[]},"coAuthors":{"__typename":"UserConnection","edges":[]},"blogMessagePolicies":
{"__typename":"BlogMessagePolicies","canDoAuthoringActionsOnBlog":{"__typename":"PolicyResult","failureReason":
{"__typename":"FailureReason","message":"error.lithium.policies.blog.action_can_do_authoring_action.accessDenied","key":"error.lithium.policies.blog
[]}}},"archivalData":null,"customFields":[],"revisions({\"constraints\":{\"isPublished\":{\"eq\":true}}})":
{"__typename":"RevisionConnection","totalCount":40}},"Conversation:conversation:1928947":
{"__typename":"Conversation","id":"conversation:1928947","solved":false,"topic":
{"__ref":"BlogTopicMessage:message:1928947"},"lastPostingActivityTime":"2021-06-17T00:42:26.515-
07:00","lastPostTime":"2020-11-30T06:40:23.406-
08:00","unreadReplyCount":8,"isSubscribed":false},"ModerationData:moderation_data:1928947":
{"__typename":"ModerationData","id":"moderation_data:1928947","status":"APPROVED","rejectReason":null,"isReportedAbuse":false,"rejectUser":nu
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTkxOGkzNzkwNEJFOUNFODAzOTY2?
revision=40\"}":
{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTkxOGkzNzkwNEJFOU
revision=40","title":"RS2.gif","associationType":"BODY","width":1200,"height":873,"altText":null},"AssociatedImage:
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 22 of 40

{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg1MGkyRjUxMkUzRjQ1NDU0NjQx?
revision=40\"}":
{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg1MGkyRjUxMkUzRjQ
revision=40","title":"TanTran_1-
1606259880764.png","associationType":"BODY","width":886,"height":941,"altText":null},"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg0OWkzNzJGMDJDMjY2Q0ZDRkFB?
revision=40\"}":
{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg0OWkzNzJGMDJDM
revision=40","title":"TanTran_2-
1606259880776.png","associationType":"BODY","width":954,"height":710,"altText":null},"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg0OGk1N0UwQzREN0IzNjVENjgw?
revision=40\"}":
{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg0OGk1N0UwQzREN0
revision=40","title":"TanTran_3-
1606259880784.png","associationType":"BODY","width":887,"height":533,"altText":null},"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNjM0MGlCMDMyQkRDRkM0ODg1RUQ4?
revision=40\"}":
{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNjM0MGlCMDMyQkRDR
revision=40","title":"27-1.png","associationType":"BODY","width":717,"height":462,"altText":null},"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNjMzOWk2RDExMUEwOEE0NEUwNTY0?
revision=40\"}":
{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNjMzOWk2RDExMUEwO
revision=40","title":"27-2.png","associationType":"BODY","width":597,"height":887,"altText":null},"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTkwN2lDREJBREQ3NjIwQzM5NEZE?
revision=40\"}":
{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTkwN2lDREJBREQ3NjI
revision=40","title":"Rs04.png","associationType":"BODY","width":249,"height":220,"altText":null},"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTkwOWlEMEZENkIzRTg0MTE1RDMx?
revision=40\"}":
{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTkwOWlEMEZENkIzRT
revision=40","title":"Rs05.png","associationType":"BODY","width":726,"height":318,"altText":null},"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg3N2kyQjg3M0ExNkYyRTQxMEJC?
revision=40\"}":
{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg3N2kyQjg3M0ExNkY
revision=40","title":"Rs3.png","associationType":"BODY","width":1543,"height":720,"altText":null},"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg3OGk2QzIxQTEzRjBCNEZGMjI0?
revision=40\"}":
{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg3OGk2QzIxQTEzRjB
revision=40","title":"Rs4.png","associationType":"BODY","width":712,"height":444,"altText":null},"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg3OWk4NDc1ODMyNkFCQjg2M0I4?
revision=40\"}":
{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg3OWk4NDc1ODMyN
revision=40","title":"Rs5.png","associationType":"BODY","width":727,"height":283,"altText":null},"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg4MWk4MEI2OUZBOUQ0MENFMzMx?
revision=40\"}":
{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg4MWk4MEI2OUZBO
revision=40","title":"Picture6.png","associationType":"BODY","width":894,"height":582,"altText":null},"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg4Mmk5NkQyNTMzRUZFNjY4QjQx?
revision=40\"}":
{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg4Mmk5NkQyNTMzR
revision=40","title":"Rs7.png","associationType":"BODY","width":920,"height":559,"altText":null},"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg4NGlERkRDREM5RDA1NkIwNEE5?
revision=40\"}":
{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg4NGlERkRDREM5RD
revision=40","title":"Rs8.png","associationType":"BODY","width":794,"height":463,"altText":null},"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNjAyMWkyNzQyOUFBNjY0MEU4RkYy?
revision=40\"}":
{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNjAyMWkyNzQyOUFBN
revision=40","title":"Rs001.png","associationType":"BODY","width":889,"height":746,"altText":null},"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg4NmlCQTdCMjU0M0JEQzQzMEVC?
revision=40\"}":
{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg4NmlCQTdCMjU0M0
revision=40","title":"Rs10.png","associationType":"BODY","width":659,"height":381,"altText":null},"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg4OGk3OTlGNDYzMUU4RTg4NzY1?
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 23 of 40

revision=40\"}":
{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg4OGk3OTlGNDYzMU
revision=40","title":"Rs11.png","associationType":"BODY","width":728,"height":176,"altText":null},"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg4OWlBRkQ4RTJFNUNERDI1RTRF?
revision=40\"}":
{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg4OWlBRkQ4RTJFNU
revision=40","title":"Rs12.png","associationType":"BODY","width":750,"height":342,"altText":null},"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg5MWkwQzJEQjA3QjdFQUY2NTNB?
revision=40\"}":
{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg5MWkwQzJEQjA3Qj
revision=40","title":"Rs13.png","associationType":"BODY","width":784,"height":596,"altText":null},"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg5MmkzMjlGMTIyREJBQzZBRkM0?
revision=40\"}":
{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg5MmkzMjlGMTIyRE
revision=40","title":"Rs14.png","associationType":"BODY","width":782,"height":292,"altText":null},"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg5M2lFNTM0REREMDQ1RjFDRDQ2?
revision=40\"}":
{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg5M2lFNTM0REREM
revision=40","title":"Rs15.png","associationType":"BODY","width":794,"height":812,"altText":null},"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg5NWlEQUNGNzRCREE5RDc3OTQ3?
revision=40\"}":
{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTg5NWlEQUNGNzRCR
revision=40","title":"Rs16.png","associationType":"BODY","width":648,"height":782,"altText":null},"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTkxOWlDRjVFMTVGMjlCNDVEODky?
revision=40\"}":
{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTkxOWlDRjVFMTVGM
revision=40","title":"Rs01.png","associationType":"BODY","width":661,"height":445,"altText":null},"AssociatedImage:
{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTkxMmk1RDc4MDY1QTgwMzVBQTNC?
revision=40\"}":
{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS0xOTI4OTQ3LTIzNTkxMmk1RDc4MDY1Q
revision=40","title":"Rs02.png","associationType":"BODY","width":695,"height":444,"altText":null},"Revision:revision:1928947_40":
{"__typename":"Revision","id":"revision:1928947_40","lastEditTime":"2021-06-17T00:42:26.515-
07:00"},"CachedAsset:theme:customTheme1-1774592291394":{"__typename":"CachedAsset","id":"theme:customTheme1-
1774592291394","value":{"id":"customTheme1","animation":
{"fast":"150ms","normal":"250ms","slow":"500ms","slowest":"750ms","function":"cubic-bezier(0.07, 0.91, 0.51,
1)","__typename":"AnimationThemeSettings"},"avatar":{"borderRadius":"50%","collections":
["default"],"__typename":"AvatarThemeSettings"},"basics":{"browserIcon":{"imageAssetName":"favicon-1730836283320.png","imageLastModified":"1730836286415","__typename":"ThemeAsset"},"customerLogo":
{"imageAssetName":"favicon-1730836271365.png","imageLastModified":"1730836274203","__typename":"ThemeAsset"},"maximumWidthOfPageContent":"1300px","oneColumnN
{"borderRadiusSm":"3px","borderRadius":"3px","borderRadiusLg":"5px","paddingY":"5px","paddingYLg":"7px","paddingYHero":"var(-
-lia-bs-btn-padding-y-lg)","paddingX":"12px","paddingXLg":"16px","paddingXHero":"60px","fontStyle":"NORMAL","fontWeight":"700","textTransform":"NONE","disabled
-lia-bs-white)","primaryTextHoverColor":"var(--lia-bs-white)","primaryTextActiveColor":"var(--lia-bs-white)","primaryBgColor":"var(--lia-bs-primary)","primaryBgHoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.85))","primaryBgActiveColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.7))","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid
transparent","primaryBorderActive":"1px solid transparent","primaryBorderFocus":"1px solid var(--lia-bs-white)","primaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","secondaryTextColor":"var(--lia-bs-gray-900)","secondaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) *
0.95))","secondaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) *
0.9))","secondaryBgColor":"var(--lia-bs-gray-200)","secondaryBgHoverColor":"hsl(var(--lia-bs-gray-200-h), var(--lia-bs-gray-200-s), calc(var(--lia-bs-gray-200-l) * 0.96))","secondaryBgActiveColor":"hsl(var(--lia-bs-gray-200-h), var(--lia-bs-gray-200-s), calc(var(--lia-bs-gray-200-l) * 0.92))","secondaryBorder":"1px solid
transparent","secondaryBorderHover":"1px solid transparent","secondaryBorderActive":"1px solid
transparent","secondaryBorderFocus":"1px solid transparent","secondaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l),
0.2)","tertiaryTextColor":"var(--lia-bs-gray-900)","tertiaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.95))","tertiaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-
s), calc(var(--lia-bs-gray-900-l) *
0.9))","tertiaryBgColor":"transparent","tertiaryBgHoverColor":"transparent","tertiaryBgActiveColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.04)","tertiaryBorder":"1px solid
transparent","tertiaryBorderHover":"1px solid hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l),
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 24 of 40

0.08)","tertiaryBorderActive":"1px solid transparent","tertiaryBorderFocus":"1px solid
transparent","tertiaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","destructiveTextColor":"var(--lia-bs-danger)","destructiveTextHoverColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) *
0.95))","destructiveTextActiveColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) *
0.9))","destructiveBgColor":"var(--lia-bs-gray-200)","destructiveBgHoverColor":"hsl(var(--lia-bs-gray-200-h), var(--lia-bs-gray-200-s), calc(var(--lia-bs-gray-200-l) * 0.96))","destructiveBgActiveColor":"hsl(var(--lia-bs-gray-200-h), var(--lia-bs-gray-200-s), calc(var(--lia-bs-gray-200-l) * 0.92))","destructiveBorder":"1px solid
transparent","destructiveBorderHover":"1px solid transparent","destructiveBorderActive":"1px solid
transparent","destructiveBorderFocus":"1px solid transparent","destructiveBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l),
0.2)","__typename":"ButtonsThemeSettings"},"border":{"color":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l),
0.08)","mainContent":"NONE","sideContent":"LIGHT","radiusSm":"3px","radius":"5px","radiusLg":"9px","radius50":"100vw","__typename":"BorderT
{"xs":"0 0 0 1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.08), 0 3px 0 -1px
hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.16)","sm":"0 2px 4px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.12)","md":"0 5px 15px hsla(var(--lia-bs-gray-900-h), var(--
lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.3)","lg":"0 10px 30px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s),
var(--lia-bs-gray-900-l), 0.3)","__typename":"BoxShadowThemeSettings"},"cards":{"bgColor":"var(--lia-panel-bg-color)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":"var(--lia-box-shadow-xs)","__typename":"CardsThemeSettings"},"chip":
{"maxWidth":"300px","height":"30px","__typename":"ChipThemeSettings"},"coreTypes":
{"defaultMessageLinkColor":"var(--lia-bs-link-color)","defaultMessageLinkDecoration":"none","defaultMessageLinkFontStyle":"NORMAL","defaultMessageLinkFontWeight":"400","defaultMessageF
-lia-bs-font-family-base)","forumColor":"#4099E2","forumFontFamily":"var(--lia-bs-font-family-base)","forumFontWeight":"var(--lia-default-message-font-weight)","forumLineHeight":"var(--lia-bs-line-height-base)","forumFontStyle":"var(--lia-default-message-font-style)","forumMessageLinkColor":"var(--lia-default-message-link-color)","forumMessageLinkDecoration":"var(--lia-default-message-link-decoration)","forumMessageLinkFontStyle":"var(--
lia-default-message-link-font-style)","forumMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","forumSolvedColor":"#148563","blogColor":"#1CBAA0","blogFontFamily":"var(--lia-bs-font-family-base)","blogFontWeight":"var(--lia-default-message-font-weight)","blogLineHeight":"1.75","blogFontStyle":"var(--lia-default-message-font-style)","blogMessageLinkColor":"var(--lia-default-message-link-color)","blogMessageLinkDecoration":"var(--lia-default-message-link-decoration)","blogMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","blogMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","tkbColor":"#4C6B90","tkbFontFamily":"var(--lia-bs-font-family-base)","tkbFontWeight":"var(--lia-default-message-font-weight)","tkbLineHeight":"1.75","tkbFontStyle":"var(--lia-default-message-font-style)","tkbMessageLinkColor":"var(--lia-default-message-link-color)","tkbMessageLinkDecoration":"var(--lia-default-message-link-decoration)","tkbMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","tkbMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaColor":"#4099E2","qandaFontFamily":"var(--lia-bs-font-family-base)","qandaFontWeight":"var(--lia-default-message-font-weight)","qandaLineHeight":"var(--lia-bs-line-height-base)","qandaFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkColor":"var(--lia-default-message-link-color)","qandaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","qandaMessageLinkFontStyle":"var(--
lia-default-message-link-font-style)","qandaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaSolvedColor":"#3FA023","ideaColor":"#FF8000","ideaFontFamily":"var(--lia-bs-font-family-base)","ideaFontWeight":"var(--lia-default-message-font-weight)","ideaLineHeight":"var(--lia-bs-line-height-base)","ideaFontStyle":"var(--lia-default-message-font-style)","ideaMessageLinkColor":"var(--lia-default-message-link-color)","ideaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","ideaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","ideaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","contestColor":"#FCC845","contestFontFamily":"var(--lia-bs-font-family-base)","contestFontWeight":"var(--lia-default-message-font-weight)","contestLineHeight":"var(--lia-bs-line-height-base)","contestFontStyle":"var(--lia-default-message-link-font-style)","contestMessageLinkColor":"var(--lia-default-message-link-color)","contestMessageLinkDecoration":"var(--lia-default-message-link-decoration)","contestMessageLinkFontStyle":"ITALIC","contestMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","occasionColor":"#bc341b","occasionFontFamily":"var(--lia-bs-font-family-base)","occasionFontWeight":"var(--lia-default-message-font-weight)","occasionLineHeight":"var(--lia-bs-line-height-base)","occasionFontStyle":"var(--lia-default-message-font-style)","occasionMessageLinkColor":"var(--lia-default-message-link-color)","occasionMessageLinkDecoration":"var(--lia-default-message-link-decoration)","occasionMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","occasionMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","grouphubColor":"#333333","categoryColor":"#949494","communityColor":"#FFFFFF","productColor":"#949494","__typename":"CoreTypesT
{"black":"#000000","white":"#FFFFFF","gray100":"#F7F7F7","gray200":"#F7F7F7","gray300":"#E8E8E8","gray400":"#D9D9D9","gray500":"#CCCC
-lia-bs-primary)","custom":["#D3F5A4","#243A5E"],"__typename":"ColorsThemeSettings"},"divider":
{"size":"3px","marginLeft":"4px","marginRight":"4px","borderRadius":"50%","bgColor":"var(--lia-bs-gray-https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 25 of 40

600)","bgColorActive":"var(--lia-bs-gray-600)","__typename":"DividerThemeSettings"},"dropdown":{"fontSize":"var(--
lia-bs-font-size-sm)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius-sm)","dividerBg":"var(--lia-bs-gray-300)","itemPaddingY":"5px","itemPaddingX":"20px","headerColor":"var(--lia-bs-gray-700)","__typename":"DropdownThemeSettings"},"email":{"link":
{"color":"#0069D4","hoverColor":"#0061c2","decoration":"none","hoverDecoration":"underline","__typename":"EmailLinkSettings"},"border":
{"color":"#e4e4e4","__typename":"EmailBorderSettings"},"buttons":
{"borderRadiusLg":"5px","paddingXLg":"16px","paddingYLg":"7px","fontWeight":"700","primaryTextColor":"#ffffff","primaryTextHoverColor":"#fffff
solid transparent","primaryBorderHover":"1px solid transparent","__typename":"EmailButtonsSettings"},"panel":
{"borderRadius":"5px","borderColor":"#e4e4e4","__typename":"EmailPanelSettings"},"__typename":"EmailThemeSettings"},"emoji":
{"skinToneDefault":"#ffcd43","skinToneLight":"#fae3c5","skinToneMediumLight":"#e2cfa5","skinToneMedium":"#daa478","skinToneMediumDark":"#
{"color":"var(--lia-bs-body-color)","fontFamily":"Segoe
UI","fontStyle":"NORMAL","fontWeight":"400","h1FontSize":"34px","h2FontSize":"32px","h3FontSize":"28px","h4FontSize":"24px","h5FontSize":"20
-lia-bs-headings-font-weight)","h2FontWeight":"var(--lia-bs-headings-font-weight)","h3FontWeight":"var(--lia-bs-headings-font-weight)","h4FontWeight":"var(--lia-bs-headings-font-weight)","h5FontWeight":"var(--lia-bs-headings-font-weight)","h6FontWeight":"var(--lia-bs-headings-font-weight)","__typename":"HeadingThemeSettings"},"icons":
{"size10":"10px","size12":"12px","size14":"14px","size16":"16px","size20":"20px","size24":"24px","size30":"30px","size40":"40px","size50":"50px","s
{"bgColor":"var(--lia-bs-gray-900)","titleColor":"var(--lia-bs-white)","controlColor":"var(--lia-bs-white)","controlBgColor":"var(--lia-bs-gray-800)","__typename":"ImagePreviewThemeSettings"},"input":
{"borderColor":"var(--lia-bs-gray-600)","disabledColor":"var(--lia-bs-gray-600)","focusBorderColor":"var(--lia-bs-primary)","labelMarginBottom":"10px","btnFontSize":"var(--lia-bs-font-size-sm)","focusBoxShadow":"0 0 0 3px hsla(var(-
-lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l),
0.2)","checkLabelMarginBottom":"2px","checkboxBorderRadius":"3px","borderRadiusSm":"var(--lia-bs-border-radius-sm)","borderRadius":"var(--lia-bs-border-radius)","borderRadiusLg":"var(--lia-bs-border-radius-lg)","formTextMarginTop":"4px","textAreaBorderRadius":"var(--lia-bs-border-radius)","activeFillColor":"var(--lia-bs-primary)","__typename":"InputThemeSettings"},"loading":{"dotDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.2)","dotLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l),
0.5)","barDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l),
0.06)","barLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l),
0.4)","__typename":"LoadingThemeSettings"},"link":{"color":"var(--lia-bs-primary)","hoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) -
10%))","decoration":"none","hoverDecoration":"underline","__typename":"LinkThemeSettings"},"listGroup":
{"itemPaddingY":"15px","itemPaddingX":"15px","borderColor":"var(--lia-bs-gray-300)","__typename":"ListGroupThemeSettings"},"modal":{"contentTextColor":"var(--lia-bs-body-color)","contentBg":"var(--lia-bs-white)","backgroundBg":"var(--lia-bs-black)","smSize":"440px","mdSize":"760px","lgSize":"1080px","backdropOpacity":0.3,"contentBoxShadowXs":"var(--lia-bs-box-shadow-sm)","contentBoxShadow":"var(--lia-bs-box-shadow)","headerFontWeight":"700","__typename":"ModalThemeSettings"},"navbar":{"position":"FIXED","background":
{"attachment":null,"clip":null,"color":"var(--lia-bs-white)","imageAssetName":"","imageLastModified":"0","origin":null,"position":"CENTER_CENTER","repeat":"NO_REPEAT","size":"COVER","__typ
solid var(--lia-bs-border-color)","boxShadow":"var(--lia-bs-box-shadow-sm)","brandMarginRight":"30px","brandMarginRightSm":"10px","brandLogoHeight":"30px","linkGap":"10px","linkJustifyContent":"flex-start","linkPaddingY":"5px","linkPaddingX":"10px","linkDropdownPaddingY":"9px","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkColor":"var(--lia-bs-body-color)","linkHoverColor":"var(--lia-bs-primary)","linkFontSize":"var(--lia-bs-font-size-sm)","linkFontStyle":"NORMAL","linkFontWeight":"400","linkTextTransform":"NONE","linkLetterSpacing":"normal","linkBorderRadius":"var(-
-lia-bs-border-radius-sm)","linkBgColor":"transparent","linkBgHoverColor":"transparent","linkBorder":"none","linkBorderHover":"none","linkBoxShadow":"none","linkBoxS
-lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h),
var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","controllerIconColor":"var(--lia-bs-body-color)","controllerIconHoverColor":"var(--lia-bs-body-color)","controllerTextColor":"var(--lia-nav-controller-icon-color)","controllerTextHoverColor":"var(--lia-nav-controller-icon-hover-color)","controllerHighlightColor":"hsla(30, 100%,
50%)","controllerHighlightTextColor":"var(--lia-yiq-light)","controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerColor":"var(--lia-nav-controller-icon-color)","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","hamburgerBgColor":"transparent","hamburgerBgHoverColor":"transparent","hamburgerBorder":"none","hamburgerBorderHover":"none","collap
-lia-nav-link-color)","collapseMenuDividerOpacity":0.16,"__typename":"NavbarThemeSettings"},"pager":
{"textColor":"var(--lia-bs-link-color)","textFontWeight":"var(--lia-font-weight-md)","textFontSize":"var(--lia-bs-font-size-sm)","__typename":"PagerThemeSettings"},"panel":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-bs-border-radius)","borderColor":"var(--lia-bs-border-color)","boxShadow":"none","__typename":"PanelThemeSettings"},"popover":
{"arrowHeight":"8px","arrowWidth":"16px","maxWidth":"300px","minWidth":"100px","headerBg":"var(--lia-bs-white)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius)","boxShadow":"0 0.5rem
1rem hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l),
0.15)","__typename":"PopoverThemeSettings"},"prism":{"color":"#000000","bgColor":"#f5f2f0","fontFamily":"var(--font-family-monospace)","fontSize":"var(--lia-bs-font-size-base)","fontWeightBold":"var(--lia-bs-font-weight-bold)","fontStyleItalic":"italic","tabSize":2,"highlightColor":"#b3d4fc","commentColor":"#62707e","punctuationColor":"#6f6f6f","namespaceOpacity":"
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 26 of 40

0%, 100%,
0.5)","keywordColor":"#0076a9","functionColor":"#d3284b","variableColor":"#c14700","__typename":"PrismThemeSettings"},"rte":
{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":" var(--lia-panel-box-shadow)","customColor1":"#bfedd2","customColor2":"#fbeeb8","customColor3":"#f8cac6","customColor4":"#eccafa","customColor5":"#c2e0f4","custo
53%, 51%, 0.4)","diffChangedColor":"hsla(43, 97%, 63%, 0.4)","diffNoneColor":"hsla(0, 0%, 80%,
0.4)","diffRemovedColor":"hsla(9, 74%, 47%,
0.4)","specialMessageHeaderMarginTop":"40px","specialMessageHeaderMarginBottom":"20px","specialMessageItemMarginTop":"0","specialMessageIt
-lia-bs-gray-700)","tableBorderStyle":"solid","tableCellPaddingX":"5px","tableCellPaddingY":"5px","tableTextColor":"var(--lia-bs-body-color)","tableVerticalAlign":"middle","__typename":"RteThemeSettings"},"tags":{"bgColor":"var(--lia-bs-gray-200)","bgHoverColor":"var(--lia-bs-gray-400)","borderRadius":"var(--lia-bs-border-radius-sm)","color":"var(--lia-bs-body-color)","hoverColor":"var(--lia-bs-body-color)","fontWeight":"var(--lia-font-weight-md)","fontSize":"var(--lia-font-size-xxs)","textTransform":"UPPERCASE","letterSpacing":"0.5px","__typename":"TagsThemeSettings"},"toasts":
{"borderRadius":"var(--lia-bs-border-radius)","paddingX":"12px","__typename":"ToastsThemeSettings"},"typography":
{"fontFamilyBase":"Segoe
UI","fontStyleBase":"NORMAL","fontWeightBase":"400","fontWeightLight":"300","fontWeightNormal":"400","fontWeightMd":"500","fontWeightBold
[{"source":"SERVER","name":"Segoe UI","styles":[{"style":"NORMAL","weight":"400","__typename":"FontStyleData"},
{"style":"NORMAL","weight":"300","__typename":"FontStyleData"},
{"style":"NORMAL","weight":"600","__typename":"FontStyleData"},
{"style":"NORMAL","weight":"700","__typename":"FontStyleData"},
{"style":"ITALIC","weight":"400","__typename":"FontStyleData"}],"assetNames":["SegoeUI-normal-400.woff2","SegoeUI-normal-300.woff2","SegoeUI-normal-600.woff2","SegoeUI-normal-700.woff2","SegoeUI-italic-400.woff2"],"__typename":"CustomFont"},{"source":"SERVER","name":"MWF Fluent Icons","styles":
[{"style":"NORMAL","weight":"400","__typename":"FontStyleData"}],"assetNames":["MWFFluentIcons-normal-400.woff2"],"__typename":"CustomFont"}],"__typename":"TypographyThemeSettings"},"unstyledListItem":
{"marginBottomSm":"5px","marginBottomMd":"10px","marginBottomLg":"15px","marginBottomXl":"20px","marginBottomXxl":"25px","__typename"
{"light":"#ffffff","dark":"#000000","__typename":"YiqThemeSettings"},"colorLightness":
{"primaryDark":0.36,"primaryLight":0.74,"primaryLighter":0.89,"primaryLightest":0.95,"infoDark":0.39,"infoLight":0.72,"infoLighter":0.85,"infoLighte
shared/client/components/common/Loading/LoadingDot-1775111751202":
{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-1775111751202","value":
{"title":"Loading..."},"localOverride":false},"CachedAsset:quilt:o365.prod:pages/blogs/BlogMessagePage:board:CoreInfrastructureandSecurityBlog-1775111749378":
{"__typename":"CachedAsset","id":"quilt:o365.prod:pages/blogs/BlogMessagePage:board:CoreInfrastructureandSecurityBlog-1775111749378","value":{"id":"BlogMessagePage","container":{"id":"Common","headerProps":
{"backgroundImageProps":null,"backgroundColor":null,"addComponents":null,"removeComponents":
["community.widget.bannerWidget"],"componentOrder":null,"__typename":"QuiltContainerSectionProps"},"headerComponentProps":
{"community.widget.breadcrumbWidget":
{"disableLastCrumbForDesktop":false}},"footerProps":null,"footerComponentProps":null,"items":[{"id":"blog-article","layout":"ONE_COLUMN","bgColor":null,"showTitle":null,"showDescription":null,"textPosition":null,"textColor":null,"sectionEditLevel":"LOC
{"main":[{"id":"blogs.widget.blogArticleWidget","className":"lia-blog-container","props":null,"__typename":"QuiltComponent"}],"__typename":"OneSectionColumns"}},{"id":"section-1729184836777","layout":"MAIN_SIDE","bgColor":"transparent","showTitle":false,"showDescription":false,"textPosition":"CENTER","textColor":"var
-lia-bs-body-color)","sectionEditLevel":null,"bgImage":null,"disableSpacing":null,"edgeToEdgeDisplay":null,"fullHeight":null,"showBorder":null,"__typename":"Ma
{"main":[],"side":[{"id":"custom.widget.UnregisteredCTAWidget","className":null,"props":
{"widgetVisibility":"anonymousOnly","useTitle":true,"useBackground":false,"title":"","lazyLoad":false,"widgetChooser":"custom.widget.UnregisteredCT
components/common/EmailVerification-1775111751202":{"__typename":"CachedAsset","id":"text:en_US-components/common/EmailVerification-1775111751202","value":{"email.verification.title":"Email Verification
Required","email.verification.message.update.email":"To participate in the community, you must first verify your email
address. The verification email was sent to {email}. To change your email, visit My
Settings.","email.verification.message.resend.email":"To participate in the community, you must first verify your email
address. The verification email was sent to {email}. Resend email."},"localOverride":false},"CachedAsset:text:en_US-pages/blogs/BlogMessagePage-1775111751202":{"__typename":"CachedAsset","id":"text:en_US-pages/blogs/BlogMessagePage-1775111751202","value":{"title":"{contextMessageSubject} |
{communityTitle}","errorMissing":"This blog post cannot be found","name":"Blog Message Page","section.blog-article.title":"Blog Post","archivedMessageTitle":"This Content Has Been Archived","section.section-1729184836777.title":"","section.section-1729184836777.description":"","section.CncIde.title":"Blog
Post","section.tifEmD.description":"","section.tifEmD.title":""},"localOverride":false},"CachedAsset:quiltWrapper:o365.prod:Common:1775111735068"
{"__typename":"CachedAsset","id":"quiltWrapper:o365.prod:Common:1775111735068","value":
{"id":"Common","header":{"backgroundImageProps":
{"assetName":null,"backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"CENTER_CENTER","lastModified":null,"
[{"id":"community.widget.navbarWidget","props":
{"showUserName":true,"showRegisterLink":true,"useIconLanguagePicker":true,"useLabelLanguagePicker":true,"style":
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 27 of 40

{"boxShadow":"var(--lia-bs-box-shadow-sm)","linkFontWeight":"400","controllerHighlightColor":"hsla(30, 100%,
50%)","dropdownDividerMarginBottom":"10px","hamburgerBorderHover":"none","linkFontSize":"14px","linkBoxShadowHover":"none","backgroundO
-lia-border-radius-50)","hamburgerBgColor":"transparent","linkTextBorderBottom":"none","hamburgerColor":"var(--lia-nav-controller-icon-color)","brandLogoHeight":"30px","linkLetterSpacing":"normal","linkBgHoverColor":"transparent","collapseMenuDividerOpacity":0.16,"paddingBottom
solid var(--lia-bs-border-color)","hamburgerBorder":"none","dropdownPaddingX":"10px","brandMarginRightSm":"10px","linkBoxShadow":"none","linkJustifyContent":"flex-start","linkColor":"var(--lia-bs-body-color)","collapseMenuDividerBg":"var(--lia-nav-link-color)","dropdownPaddingTop":"10px","controllerTextColor":"var(--lia-nav-controller-icon-color)","controllerHighlightTextColor":"var(--lia-yiq-dark)","background":{"imageAssetName":"","color":"var(--lia-bs-white)","size":"COVER","repeat":"NO_REPEAT","position":"CENTER_CENTER","imageLastModified":""},"linkBorderRadius":"var(-
-lia-bs-border-radius-sm)","linkHoverColor":"var(--lia-bs-body-color)","position":"FIXED","linkBorder":"none","linkTextBorderBottomHover":"2px solid var(--lia-bs-primary)","brandMarginRight":"30px","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","linkBorderHover":"none","collapseMenuMarginLeft":"20px","linkFontStyle":"NORMAL","linkPaddingX":"10px","controllerTextHoverColor":
-lia-nav-controller-icon-hover-color)","paddingTop":"15px","linkPaddingY":"5px","linkTextTransform":"NONE","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--
lia-bs-black-s), var(--lia-bs-black-l), 0.1)","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkBgColor":"transparent","linkDropdownPaddingY":"9px","controllerIconColor":"var(--lia-bs-body-color)","dropdownDividerMarginTop":"10px","linkGap":"10px","controllerIconHoverColor":"var(--lia-bs-body-color)"},"links":{"sideLinks":[],"logoLinks":[],"mainLinks":[{"children":
[],"linkType":"INTERNAL","id":"gxcuf89792","params":{},"routeName":"CommunityPage"},{"children":
[],"linkType":"EXTERNAL","id":"community-hub-link","url":"/Directory","target":"SELF"},{"children":
[{"linkType":"INTERNAL","id":"Common-microsoft365-link","params":
{"categoryId":"microsoft365"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"Common-windows-link","params":{"categoryId":"Windows"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"Common-microsoft-security-link","params":{"categoryId":"microsoft-security"},"routeName":"CategoryPage"},
{"linkType":"INTERNAL","id":"Common-microsoft-teams-link","params":
{"categoryId":"MicrosoftTeams"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"Common-azure-link","params":{"categoryId":"Azure"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"Common-content_management-link","params":{"categoryId":"Content_Management"},"routeName":"CategoryPage"},
{"linkType":"INTERNAL","id":"Common-microsoftintune-link","params":
{"categoryId":"microsoftintune"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"Common-exchange-link","params":{"categoryId":"Exchange"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"Common-windows-server-link","params":{"categoryId":"Windows-Server"},"routeName":"CategoryPage"},
{"linkType":"INTERNAL","id":"Common-outlook-link","params":
{"categoryId":"Outlook"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"Common-microsoft365-copilot-link","params":{"categoryId":"Microsoft365Copilot"},"routeName":"CategoryPage"},
{"linkType":"EXTERNAL","id":"Common_Enntvz-view-all-products-link","url":"/Directory","target":"SELF"}],"linkType":"EXTERNAL","id":"products-link","url":"/","target":"SELF"},
{"children":[{"linkType":"INTERNAL","id":"Common-education-sector-link","params":
{"categoryId":"EducationSector"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"Common-partner-community-link","params":{"categoryId":"PartnerCommunity"},"routeName":"CategoryPage"},
{"linkType":"INTERNAL","id":"Common-healthcare-and-life-sciences-link","params":
{"categoryId":"HealthcareAndLifeSciences"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"Common-i-t-ops-talk-link","params":{"categoryId":"ITOpsTalk"},"routeName":"CategoryPage"},
{"linkType":"INTERNAL","id":"Common-public-sector-link","params":
{"categoryId":"PublicSector"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"Common-microsoftfor-nonprofits-link","params":{"categoryId":"MicrosoftforNonprofits"},"routeName":"CategoryPage"},
{"linkType":"INTERNAL","id":"Common-io-t-link","params":{"categoryId":"IoT"},"routeName":"CategoryPage"},
{"linkType":"INTERNAL","id":"Common-mvp-link","params":{"categoryId":"mvp"},"routeName":"CategoryPage"},
{"linkType":"INTERNAL","id":"Common-microsoft-mechanics-link","params":
{"categoryId":"MicrosoftMechanics"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"Common-driving-adoption-link","params":{"categoryId":"DrivingAdoption"},"routeName":"CategoryPage"},
{"linkType":"INTERNAL","id":"Common-microsoft-learn-for-educators-link","params":{"categoryId":"microsoft-learn-for-educators"},"routeName":"CategoryPage"}],"linkType":"EXTERNAL","id":"topics-link","url":"/","target":"SELF"},
{"children":[],"linkType":"EXTERNAL","id":"all-blogs-link","url":"/Blogs","target":"SELF"},{"children":
[],"linkType":"EXTERNAL","id":"all-events-link","url":"/Events","target":"SELF"},{"children":
[{"linkType":"INTERNAL","id":"Skills-Hub-link","params":{"categoryId":"skills-hub"},"routeName":"CategoryPage"},
{"linkType":"INTERNAL","id":"Skills-Hub-Blog","params":{"boardId":"skills-hub-blog","categoryId":"skills-hub"},"routeName":"BlogBoardPage"},{"linkType":"EXTERNAL","id":"ms-learn-ext-LD","url":"/category/skills-hub?
tab=grouphub","target":"BLANK"},{"linkType":"EXTERNAL","id":"ms-learn-ext-dynamics","url":"https://docs.microsoft.com/learn/dynamics365/?WT.mc_id=techcom_header-webpage-https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 28 of 40

m365","target":"BLANK"},{"linkType":"EXTERNAL","id":"ms-learn-ext-m365","url":"https://docs.microsoft.com/learn/m365/?wt.mc_id=techcom_header-webpage-m365","target":"BLANK"},
{"linkType":"EXTERNAL","id":"ms-learn-ext-security","url":"https://docs.microsoft.com/learn/topics/sci/?
wt.mc_id=techcom_header-webpage-m365","target":"BLANK"},{"linkType":"EXTERNAL","id":"ms-learn-ext-pp","url":"https://docs.microsoft.com/learn/powerplatform/?wt.mc_id=techcom_header-webpage-powerplatform","target":"BLANK"},{"linkType":"EXTERNAL","id":"ms-learn-ext-github","url":"https://docs.microsoft.com/learn/github/?wt.mc_id=techcom_header-webpage-github","target":"BLANK"},
{"linkType":"EXTERNAL","id":"ms-learn-ext-teams","url":"https://docs.microsoft.com/learn/teams/?
wt.mc_id=techcom_header-webpage-teams","target":"BLANK"},{"linkType":"EXTERNAL","id":"ms-learn-ext-net","url":"https://docs.microsoft.com/learn/dotnet/?wt.mc_id=techcom_header-webpage-dotnet","target":"BLANK"},
{"linkType":"EXTERNAL","id":"ms-learn-ext-azure","url":"https://docs.microsoft.com/learn/azure/?
WT.mc_id=techcom_header-webpage-m365","target":"BLANK"}],"linkType":"INTERNAL","id":"Skills-Hub","params":
{"categoryId":"skills-hub"},"routeName":"CategoryPage"},{"children":[{"linkType":"INTERNAL","id":"Common-community-info-center-link","params":{"categoryId":"Community-Info-Center"},"routeName":"CategoryPage"},
{"linkType":"INTERNAL","id":"Common-usergroups-link","params":
{"categoryId":"usergroups"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"Common-community-news-desk-link","params":{"categoryId":"CommunityNewsDesk"},"routeName":"CategoryPage"},
{"linkType":"INTERNAL","id":"Common-microsoft-global-community-initiative-link","params":{"categoryId":"microsoft-global-community-initiative"},"routeName":"CategoryPage"}],"linkType":"INTERNAL","id":"Common-gxcuf89792-
community","params":
{},"routeName":"CommunityPage"}]},"showSearchIcon":true,"languagePickerStyle":"iconAndLabel"},"__typename":"QuiltComponent"},
{"id":"community.widget.breadcrumbWidget","props":{"backgroundColor":"transparent","linkHighlightColor":"var(--lia-bs-primary)","visualEffects":{"showBottomBorder":true},"linkTextColor":"var(--lia-bs-gray-700)"},"__typename":"QuiltComponent"},{"id":"custom.widget.CommunityBanner","props":
{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"usePageWidth":false,"useBackground":false,"title":"","lazyLoad":false},"__typename":"Qu
{"id":"custom.widget.ChatbotWidget","props":
{"customComponentId":"custom.widget.ChatbotWidget","cDisplay_form":true,"useBackground":false},"__typename":"QuiltComponent"},
{"id":"custom.widget.HeroBanner","props":
{"widgetVisibility":"signedInOrAnonymous","usePageWidth":false,"useTitle":true,"cMax_items":3,"useBackground":false,"title":"","lazyLoad":false,"w
{"backgroundImageProps":
{"assetName":null,"backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"CENTER_CENTER","lastModified":null,"
[{"id":"custom.widget.SocialSharing","props":
{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},
{"id":"custom.widget.MicrosoftFooter","props":
{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"}],"__ty
components/common/ActionFeedback-1775111751202":{"__typename":"CachedAsset","id":"text:en_US-components/common/ActionFeedback-1775111751202","value":
{"joinedGroupHub.title":"Welcome","joinedGroupHub.message":"You are now a member of this group and are subscribed
to updates.","groupHubInviteNotFound.title":"Invitation Not Found","groupHubInviteNotFound.message":"Sorry, we could
not find your invitation to the group. The owner may have canceled the invite.","groupHubNotFound.title":"Group Not
Found","groupHubNotFound.message":"The grouphub you tried to join does not exist. It may have been
deleted.","existingGroupHubMember.title":"Already Joined","existingGroupHubMember.message":"You are already a
member of this group.","accountLocked.title":"Account Locked","accountLocked.message":"Your account has been locked
due to multiple failed attempts. Try again in {lockoutTime} minutes.","editedGroupHub.title":"Changes
Saved","editedGroupHub.message":"Your group has been
updated.","leftGroupHub.title":"Goodbye","leftGroupHub.message":"You are no longer a member of this group and will not
receive future updates.","deletedGroupHub.title":"Deleted","deletedGroupHub.message":"The group has been
deleted.","groupHubCreated.title":"Group Created","groupHubCreated.message":"{groupHubName} is ready to
use","accountClosed.title":"Account Closed","accountClosed.message":"The account has been closed and you will now be
redirected to the homepage","resetTokenExpired.title":"Reset Password Link has
Expired","resetTokenExpired.message":"Try resetting your password again","invalidUrl.title":"Invalid
URL","invalidUrl.message":"The URL you're using is not recognized. Verify your URL and try
again.","accountClosedForUser.title":"Account Closed","accountClosedForUser.message":"{userName}'s account is
closed","inviteTokenInvalid.title":"Invitation Invalid","inviteTokenInvalid.message":"Your invitation to the community has
been canceled or expired.","inviteTokenError.title":"Invitation Verification Failed","inviteTokenError.message":"The url you
are utilizing is not recognized. Verify your URL and try again","pageNotFound.title":"Access
Denied","pageNotFound.message":"You do not have access to this area of the community or it doesn't
exist","eventAttending.title":"Responded as Attending","eventAttending.message":"You'll be notified when there's new
activity and reminded as the event approaches","eventInterested.title":"Responded as
Interested","eventInterested.message":"You'll be notified when there's new activity and reminded as the event
approaches","eventNotFound.title":"Event Not Found","eventNotFound.message":"The event you tried to respond to does
not exist.","redirectToRelatedPage.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.title":"Showing
Related Content","redirectToRelatedPageForBaseUsers.message":"The content you are trying to access is
archived","redirectToRelatedPage.message":"The content you are trying to access is
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 29 of 40

archived","relatedUrl.archivalLink.flyoutMessage":"The content you are trying to access is archived View Archived
Content"},"localOverride":false},"CachedAsset:component:custom.widget.CommunityBanner-en-us-1774593127122":
{"__typename":"CachedAsset","id":"component:custom.widget.CommunityBanner-en-us-1774593127122","value":
{"component":{"id":"custom.widget.CommunityBanner","template":
{"id":"CommunityBanner","markupLanguage":"REACT","style":null,"texts":null,"defaults":{"config":{"applicablePages":
[],"description":null,"fetchedContent":null,"__typename":"ComponentConfiguration"},"props":
[],"__typename":"ComponentProperties"},"components":
[{"id":"custom.widget.CommunityBanner","form":null,"config":null,"props":
[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":
{"applicablePages":[],"description":null,"fetchedContent":null,"__typename":"ComponentConfiguration"},"props":
[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":
en-us-1774593127122":{"__typename":"CachedAsset","id":"component:custom.widget.ChatbotWidget-en-us-1774593127122","value":{"component":{"id":"custom.widget.ChatbotWidget","template":
{"id":"ChatbotWidget","markupLanguage":"REACT","style":null,"texts":{"chatbot.references.title":"Related
Articles","chatbot.welcome.title":"Welcome!","chatbot.welcome.description":"I'm here to help you explore and discover
great content.","chatbot.welcome.prompt":"Ask me a question or choose a suggestion below to get
started:","chatbot.welcome.cta":"Let's dive in—what would you like to discover today?","chatbot.status.typing":"Assistant
is typing…","chatbot.status.error":"error","chatbot.error.response":"Failed to get response. Please try
again.","chatbot.error.processing":"There was an error processing your message.","chatbot.error.configuration":"API URL
not configured","chatbot.error.network":"Network error occurred. Please check your connection and try
again.","chatbot.error.timeout":"Request timed out. Please try again.","chatbot.error.emptyResponse":"I couldn't generate a
response. Please try rephrasing your question.","chatbot.buttons.send":"Send","chatbot.buttons.close":"Close
chat","chatbot.buttons.newChat":"Start new chat","chatbot.buttons.collapse":"Collapse chat
panel","chatbot.buttons.expand":"Expand chat panel","chatbot.buttons.fullscreen":"Enter
fullscreen","chatbot.buttons.exitFullscreen":"Exit fullscreen","chatbot.buttons.like":"Like this
response","chatbot.buttons.dislike":"Dislike this response","chatbot.buttons.removeLike":"Remove
like","chatbot.buttons.removeDislike":"Remove dislike","chatbot.aria.chatInput":"Chat
input","chatbot.aria.sendMessage":"Send message","chatbot.aria.openChat":"Open chat
assistant","chatbot.aria.closeChat":"Close chat assistant","chatbot.defaults.title":"Ask Tech
Community","chatbot.defaults.subtitle":"Ask questions – get answers","chatbot.defaults.entryHeading":"Find
answers","chatbot.defaults.entrySubtext":"Ask the agent","chatbot.defaults.placeholder":"Type your
message…","chatbot.defaults.initialMessage":"Hi! I'm your assistant. Ask me something or pick a suggestion above to
begin.","chatbot.suggestions.findBlogs":"Find insightful blogs","chatbot.suggestions.exploreEvents":"Explore upcoming
events","chatbot.suggestions.startJourney":"Start your journey with something new","chatbot.dialog.endConversation":"End
conversation","chatbot.dialog.confirmEndConversation":"Do you want to end this conversation and start
over?","chatbot.dialog.endConversationButton":"End
conversation","chatbot.dialog.cancel":"Cancel","chatbot.error.genericServiceUnavailable":"The service is currently
unavailable. Please try again later.","chatbot.error.noResults":"We could not find any information related to your query. Try
rephrasing your query."},"defaults":{"config":{"applicablePages":
[],"description":null,"fetchedContent":null,"__typename":"ComponentConfiguration"},"props":
[],"__typename":"ComponentProperties"},"components":
[{"id":"custom.widget.ChatbotWidget","form":null,"config":null,"props":
[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":
{"applicablePages":[],"description":null,"fetchedContent":null,"__typename":"ComponentConfiguration"},"props":
[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":
en-us-1774593127122":{"__typename":"CachedAsset","id":"component:custom.widget.HeroBanner-en-us-1774593127122","value":{"component":{"id":"custom.widget.HeroBanner","template":
{"id":"HeroBanner","markupLanguage":"REACT","style":null,"texts":{"searchPlaceholderText":"Search this
community","followActionText":"Follow","unfollowActionText":"Following","searchOnHoverText":"Please enter your
search term(s) and then press return key to complete a search.","blogs.sidebar.pagetitle":"Latest Blogs | Microsoft Tech
Community","followThisNode":"Follow this node","unfollowThisNode":"Unfollow this
node","customField.teamsLink.title":"Microsoft teams link","customField.teamsLink.label":"Teams meeting
url"},"defaults":{"config":{"applicablePages":
[],"description":null,"fetchedContent":null,"__typename":"ComponentConfiguration"},"props":
[{"id":"max_items","dataType":"NUMBER","list":false,"defaultValue":"3","label":"Max Items","description":"The
maximum number of items to display in the
carousel","possibleValues":null,"control":"INPUT","__typename":"PropDefinition"}],"__typename":"ComponentProperties"},"components":
[{"id":"custom.widget.HeroBanner","form":{"fields":
[{"id":"widgetChooser","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description
{"id":"title","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possi
{"id":"useTitle","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":nul
{"id":"useBackground","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"descripti
{"id":"widgetVisibility","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description
{"id":"moreOptions","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":n
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 30 of 40

{"id":"cMax_items","validation":null,"noValidation":null,"dataType":"NUMBER","list":false,"control":"INPUT","defaultValue":"3","label":"Max
Items","description":"The maximum number of items to display in the
carousel","possibleValues":null,"__typename":"FormField"}],"layout":{"rows":
[{"id":"widgetChooserGroup","type":"fieldset","as":null,"items":
[{"id":"widgetChooser","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":
{"id":"titleGroup","type":"fieldset","as":null,"items":[{"id":"title","className":null,"__typename":"FormFieldRef"},
{"id":"useTitle","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"to
{"id":"useBackground","type":"fieldset","as":null,"items":
[{"id":"useBackground","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant"
{"id":"widgetVisibility","type":"fieldset","as":null,"items":
[{"id":"widgetVisibility","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant"
{"id":"moreOptionsGroup","type":"fieldset","as":null,"items":
[{"id":"moreOptions","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":nu
{"id":"componentPropsGroup","type":"fieldset","as":null,"items":
[{"id":"cMax_items","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":nu
[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":
{"applicablePages":[],"description":null,"fetchedContent":null,"__typename":"ComponentConfiguration"},"props":
[{"id":"max_items","dataType":"NUMBER","list":false,"defaultValue":"3","label":"Max Items","description":"The
maximum number of items to display in the
carousel","possibleValues":null,"control":"INPUT","__typename":"PropDefinition"}],"__typename":"ComponentProperties"},"form":
{"fields":
[{"id":"widgetChooser","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description
{"id":"title","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possi
{"id":"useTitle","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":nul
{"id":"useBackground","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"descripti
{"id":"widgetVisibility","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description
{"id":"moreOptions","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":n
{"id":"cMax_items","validation":null,"noValidation":null,"dataType":"NUMBER","list":false,"control":"INPUT","defaultValue":"3","label":"Max
Items","description":"The maximum number of items to display in the
carousel","possibleValues":null,"__typename":"FormField"}],"layout":{"rows":
[{"id":"widgetChooserGroup","type":"fieldset","as":null,"items":
[{"id":"widgetChooser","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":
{"id":"titleGroup","type":"fieldset","as":null,"items":[{"id":"title","className":null,"__typename":"FormFieldRef"},
{"id":"useTitle","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"to
{"id":"useBackground","type":"fieldset","as":null,"items":
[{"id":"useBackground","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant"
{"id":"widgetVisibility","type":"fieldset","as":null,"items":
[{"id":"widgetVisibility","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant"
{"id":"moreOptionsGroup","type":"fieldset","as":null,"items":
[{"id":"moreOptions","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":nu
{"id":"componentPropsGroup","type":"fieldset","as":null,"items":
[{"id":"cMax_items","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":nu
{"fields":
[{"id":"widgetChooser","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description
{"id":"title","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possi
{"id":"useTitle","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":nul
{"id":"useBackground","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"descripti
{"id":"widgetVisibility","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description
{"id":"moreOptions","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":n
{"id":"cMax_items","validation":null,"noValidation":null,"dataType":"NUMBER","list":false,"control":"INPUT","defaultValue":"3","label":"Max
Items","description":"The maximum number of items to display in the
carousel","possibleValues":null,"__typename":"FormField"}],"layout":{"rows":
[{"id":"widgetChooserGroup","type":"fieldset","as":null,"items":
[{"id":"widgetChooser","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":
{"id":"titleGroup","type":"fieldset","as":null,"items":[{"id":"title","className":null,"__typename":"FormFieldRef"},
{"id":"useTitle","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"to
{"id":"useBackground","type":"fieldset","as":null,"items":
[{"id":"useBackground","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant"
{"id":"widgetVisibility","type":"fieldset","as":null,"items":
[{"id":"widgetVisibility","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant"
{"id":"moreOptionsGroup","type":"fieldset","as":null,"items":
[{"id":"moreOptions","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":nu
{"id":"componentPropsGroup","type":"fieldset","as":null,"items":
[{"id":"cMax_items","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":nu
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 31 of 40

en-us-1774593127122":{"__typename":"CachedAsset","id":"component:custom.widget.UnregisteredCTAWidget-en-us-1774593127122","value":{"component":{"id":"custom.widget.UnregisteredCTAWidget","template":
{"id":"UnregisteredCTAWidget","markupLanguage":"REACT","style":null,"texts":{"register.communityHub":"Welcome to
the {name} Community Hub. Sign in to like, participate, or start a conversation.","register.category":"Welcome to the
{name} Community Hub. Sign in to like, participate, or start a conversation.","register.discussionBoard":"Welcome to the
{name} space. Sign in to like, reply, or start a discussion.","register.blogSpace":"Welcome to the {name} space. Sign in to
like or comment on articles in this space.","register.eventSpace":"Welcome to the {name} space. Sign in to RSVP, add
events to your calendar, and join the conversation.","register.ideaSpace":"Welcome to the {name} space. Sign in to vote,
comment, or submit your own feedback.","buttonRegister":"Sign in","register.discussionBoardArticle":"Have a question or
insight to share? Sign in to join the discussion.","register.blogSpaceArticle":"Enjoying the article? Sign in to share your
thoughts.","register.eventSpaceArticle":"Don’t just watch - take part. Sign in to RSVP, ask questions, and join the
discussion.","register.ideaSpaceArticle":"Sign in to submit ideas, upvote ideas, and join the conversation."},"defaults":
{"config":{"applicablePages":
[],"description":null,"fetchedContent":null,"__typename":"ComponentConfiguration"},"props":
[],"__typename":"ComponentProperties"},"components":
[{"id":"custom.widget.UnregisteredCTAWidget","form":null,"config":null,"props":
[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":
{"applicablePages":[],"description":null,"fetchedContent":null,"__typename":"ComponentConfiguration"},"props":
[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":null,"form":null},"localOverride":
en-us-1774593127122":{"__typename":"CachedAsset","id":"component:custom.widget.SocialSharing-en-us-1774593127122","value":{"component":{"id":"custom.widget.SocialSharing","template":
{"id":"SocialSharing","markupLanguage":"HANDLEBARS","style":".sharePage {\n display: flex;\n justify-content:
center;\n background: #d7d7d7;\n padding: 0px;\n height: 60px;\n}\n.singleSocialIcons {\n display: flex;\n gap: 12px;\n list-style-type: none;\n padding: 0px;\n margin: 0;\n}\n.containers {\n display: flex;\n gap: 30px;\n}\n\n.listIcon {\n align-content: center;\n}\n.headingShare {\n display: inline;\n margin-right: 25px;\n margin-bottom: 0px;\n font-size: 20px;\n
font-weight: 550;\n align-content: center;\n}\n\n@media (max-width: 990px) {\n .sharePage {\n display: flex;\n justify-content: center;\n }\n\n .containers {\n display: inline-block;\n justify-content: center;\n align-content: center;\n align-items:
center;\n }\n .headingShare {\n display: flex;\n justify-content: center;\n }\n .singleSocialIcons {\n
}\n}\n","texts":null,"defaults":{"config":{"applicablePages":[],"description":"Adds buttons to share to various social media
websites","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":
[],"__typename":"ComponentProperties"},"components":
[{"id":"custom.widget.SocialSharing","form":null,"config":null,"props":
[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":
{"applicablePages":[],"description":"Adds buttons to share to various social media
websites","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":
[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":
{"css":".custom_widget_SocialSharing_sharePage_6x3n8_1 {\n display: flex;\n justify-content: center;\n background:
#d7d7d7;\n padding: 0;\n height: 3.75rem;\n}\n.custom_widget_SocialSharing_singleSocialIcons_6x3n8_8 {\n display:
flex;\n gap: 0.75rem;\n list-style-type: none;\n padding: 0;\n margin:
0;\n}\n.custom_widget_SocialSharing_containers_6x3n8_15 {\n display: flex;\n gap:
1.875rem;\n}\n.custom_widget_SocialSharing_listIcon_6x3n8_20 {\n align-content:
center;\n}\n.custom_widget_SocialSharing_headingShare_6x3n8_23 {\n display: inline;\n margin-right: 1.5625rem;\n
margin-bottom: 0;\n font-size: 1.25rem;\n font-weight: 550;\n align-content: center;\n}\n@media (max-width: 990px) {\n
.custom_widget_SocialSharing_sharePage_6x3n8_1 {\n display: flex;\n justify-content: center;\n }\n\n
.custom_widget_SocialSharing_containers_6x3n8_15 {\n display: inline-block;\n justify-content: center;\n align-content:
center;\n align-items: center;\n }\n .custom_widget_SocialSharing_headingShare_6x3n8_23 {\n display: flex;\n justify-content: center;\n }\n .custom_widget_SocialSharing_singleSocialIcons_6x3n8_8 {\n }\n}\n","tokens":
{"sharePage":"custom_widget_SocialSharing_sharePage_6x3n8_1","singleSocialIcons":"custom_widget_SocialSharing_singleSocialIcons_6x3n8_8","co
en-us-1774593127122":{"__typename":"CachedAsset","id":"component:custom.widget.MicrosoftFooter-en-us-1774593127122","value":{"component":{"id":"custom.widget.MicrosoftFooter","template":
{"id":"MicrosoftFooter","markupLanguage":"HANDLEBARS","style":".context-uhf {\r\n min-width: 280px;\r\n font-size:
15px;\r\n box-sizing: border-box;\r\n -ms-text-size-adjust: 100%;\r\n -webkit-text-size-adjust: 100%;\r\n & *,\r\n &
*:before,\r\n & *:after {\r\n box-sizing: inherit;\r\n }\r\n a.c-uhff-link {\r\n color: #616161;\r\n word-break: break-word;\r\n
text-decoration: none;\r\n }\r\n &a:link,\r\n &a:focus,\r\n &a:hover,\r\n &a:active,\r\n &a:visited {\r\n text-decoration:
none;\r\n color: inherit;\r\n }\r\n & div {\r\n font-family: 'Segoe UI', SegoeUI, 'Helvetica Neue', Helvetica, Arial, sans-serif;\r\n }\r\n}\r\n.c-uhff {\r\n background: #f2f2f2;\r\n margin: -1.5625;\r\n width: auto;\r\n height: auto;\r\n}\r\n.c-uhff-nav {\r\n margin: 0 auto;\r\n max-width: calc(1600px + 10%);\r\n padding: 0 5%;\r\n box-sizing: inherit;\r\n &:before,\r\n
&:after {\r\n content: ' ';\r\n display: table;\r\n clear: left;\r\n }\r\n @media only screen and (max-width: 1083px) {\r\n
padding-left: 12px;\r\n }\r\n .c-heading-4 {\r\n color: #616161;\r\n word-break: break-word;\r\n font-size: 15px;\r\n line-height: 20px;\r\n padding: 36px 0 4px;\r\n font-weight: 600;\r\n }\r\n .c-uhff-nav-row {\r\n .c-uhff-nav-group {\r\n display:
block;\r\n float: left;\r\n min-height: 1px;\r\n vertical-align: text-top;\r\n padding: 0 12px;\r\n width: 100%;\r\n zoom: 1;\r\n
&:first-child {\r\n padding-left: 0;\r\n @media only screen and (max-width: 1083px) {\r\n padding-left: 12px;\r\n }\r\n }\r\n
@media only screen and (min-width: 540px) and (max-width: 1082px) {\r\n width: 33.33333%;\r\n }\r\n @media only
screen and (min-width: 1083px) {\r\n width: 16.6666666667%;\r\n }\r\n ul.c-list.f-bare {\r\n font-size: 11px;\r\n line-height:
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 32 of 40

16px;\r\n margin-top: 0;\r\n margin-bottom: 0;\r\n padding-left: 0;\r\n list-style-type: none;\r\n li {\r\n word-break: break-word;\r\n padding: 8px 0;\r\n margin: 0;\r\n }\r\n }\r\n }\r\n }\r\n}\r\n.c-uhff-base {\r\n background: #f2f2f2;\r\n margin: 0
auto;\r\n max-width: calc(1600px + 10%);\r\n padding: 30px 5% 16px;\r\n &:before,\r\n &:after {\r\n content: ' ';\r\n
display: table;\r\n }\r\n &:after {\r\n clear: both;\r\n }\r\n a.c-uhff-ccpa,\r\n a.c-uhff-consumer {\r\n display: flex;\r\n float:
left;\r\n font-size: 11px;\r\n line-height: 16px;\r\n padding: 4px 24px 0 0;\r\n }\r\n a.c-uhff-ccpa:hover,\r\n a.c-uhff-consumer:hover {\r\n text-decoration: underline;\r\n }\r\n ul.c-list {\r\n font-size: 11px;\r\n line-height: 16px;\r\n float:
right;\r\n margin: 3px 0;\r\n color: #616161;\r\n li {\r\n padding: 0 24px 4px 0;\r\n display: inline-block;\r\n }\r\n }\r\n .c-list.f-bare {\r\n padding-left: 0;\r\n list-style-type: none;\r\n }\r\n @media only screen and (max-width: 1083px) {\r\n
display: flex;\r\n flex-wrap: wrap;\r\n padding: 30px 24px 16px;\r\n }\r\n}\r\n\r\n.social-share {\r\n position: fixed;\r\n top:
60%;\r\n transform: translateY(-50%);\r\n left: 0;\r\n z-index: 1000;\r\n}\r\n\r\n.sharing-options {\r\n list-style: none;\r\n
padding: 0;\r\n margin: 0;\r\n display: block;\r\n flex-direction: column;\r\n background-color: white;\r\n width: 50px;\r\n
border-radius: 0px 7px 7px 0px;\r\n}\r\n.linkedin-icon {\r\n border-top-right-radius: 7px;\r\n}\r\n.linkedin-icon:hover {\r\n
border-radius: 0;\r\n}\r\n\r\n.social-share-email-image:hover {\r\n border-radius: 0;\r\n}\r\n\r\n.social-link-footer:hover
.linkedin-icon {\r\n border-radius: 0;\r\n}\r\n.social-link-footer:hover .social-share-email-image {\r\n border-radius:
0;\r\n}\r\n\r\n.social-link-footer img {\r\n width: 30px;\r\n height: auto;\r\n transition: filter 0.3s ease;\r\n}\r\n\r\n.social-share-list {\r\n width: 50px;\r\n}\r\n.social-share-rss-image {\r\n width: 30px;\r\n height: auto;\r\n transition: filter 0.3s
ease;\r\n}\r\n.sharing-options li {\r\n width: 50px;\r\n height: 50px;\r\n padding: 8px;\r\n box-sizing: border-box;\r\n border:
2px solid white;\r\n display: inline-block;\r\n text-align: center;\r\n opacity: 1;\r\n visibility: visible;\r\n transition: border
0.3s ease; /* Smooth transition effect */\r\n border-left: none;\r\n border-bottom: none; /* Apply bottom border to only last
item */\r\n}\r\n\r\n.social-share-list-linkedin {\r\n background-color: #0474b4;\r\n border-top-right-radius: 5px; /* Rounded
top right corner of first item*/\r\n}\r\n.social-share-list-facebook {\r\n background-color: #3c5c9c;\r\n}\r\n.social-share-list-xicon {\r\n background-color: #000;\r\n}\r\n.social-share-list-reddit {\r\n background-color: #fc4404;\r\n}\r\n.social-share-list-bluesky {\r\n background-color: #f0f2f5;\r\n}\r\n.social-share-list-rss {\r\n background-color: #ec7b1c;\r\n}\r\n.social-share-list-mail {\r\n background-color: #848484;\r\n border-bottom-right-radius: 5px; /* Rounded bottom right corner of last
item*/\r\n}\r\n.sharing-options li.social-share-list-mail {\r\n border-bottom: 2px solid white; /* Add bottom border only to
the last item */\r\n height: 52px; /* Increase last child height to make in align with the hover label */\r\n}\r\n.x-icon {\r\n
filter: invert(100%);\r\n transition: filter 0.3s ease;\r\n width: 20px !important;\r\n height: auto;\r\n padding-top: 5px
!important;\r\n}\r\n.bluesky-icon {\r\n filter: invert(20%) sepia(100%) saturate(3000%) hue-rotate(180deg);\r\n transition:
filter 0.3s ease;\r\n padding-top: 5px !important;\r\n width: 25px !important;\r\n}\r\n\r\n.share-icon {\r\n border: 2px solid
transparent;\r\n display: inline-block;\r\n position: relative;\r\n}\r\n\r\n.sharing-options li:hover {\r\n border: 2px solid
white;\r\n border-left: none;\r\n border-bottom: none;\r\n border-radius: 0px;\r\n}\r\n.sharing-options li.social-share-list-mail:hover {\r\n border-bottom: 2px solid white; /* Add bottom border only to the last item */\r\n}\r\n\r\n.sharing-options
li:hover .label {\r\n opacity: 1;\r\n visibility: visible;\r\n border: 2px solid white;\r\n box-sizing: border-box;\r\n border-left:
none;\r\n}\r\n\r\n.label {\r\n position: absolute;\r\n left: 100%;\r\n white-space: nowrap;\r\n opacity: 0;\r\n visibility:
hidden;\r\n transition: all 0.2s ease;\r\n color: white;\r\n border-radius: 0 10 0 10px;\r\n top: 50%;\r\n transform:
translateY(-50%);\r\n height: 52px;\r\n display: flex;\r\n align-items: center;\r\n justify-content: center;\r\n padding: 10px
12px 15px 8px;\r\n border: 2px solid white;\r\n}\r\n.linkedin {\r\n background-color: #0474b4;\r\n border-top-right-radius:
5px; /* Rounded top right corner of first item*/\r\n}\r\n.facebook {\r\n background-color: #3c5c9c;\r\n}\r\n.twitter {\r\n
background-color: black;\r\n color: white;\r\n}\r\n.reddit {\r\n background-color: #fc4404;\r\n}\r\n.mail {\r\n background-color: #848484;\r\n border-bottom-right-radius: 5px; /* Rounded bottom right corner of last item*/\r\n}\r\n.bluesky {\r\n
background-color: #f0f2f5;\r\n color: black;\r\n}\r\n.rss {\r\n background-color: #ec7b1c;\r\n}\r\n\r\n@media (max-width:
991px) {\r\n .social-share {\r\n display: none;\r\n }\r\n}\r\n","texts":{"heading.whatsNew":"What's
new","heading.store":"Microsoft
Store","heading.education":"Education","heading.business":"Business","heading.developer":"Developer &
IT","heading.company":"Company","link.whatsNew.surfacePro":"Surface Pro","aria.whatsNew.surfacePro":"Surface Pro
What's new","link.whatsNew.surfaceLaptop":"Surface Laptop","aria.whatsNew.surfaceLaptop":"Surface Laptop What's
new","link.whatsNew.surfaceLaptopStudio2":"Surface Laptop Studio 2","aria.whatsNew.surfaceLaptopStudio2":"Surface
Laptop Studio 2 What's new","link.whatsNew.copilotOrganizations":"Copilot for
organizations","aria.whatsNew.copilotOrganizations":"Copilot for organizations What's
new","link.whatsNew.copilotPersonal":"Copilot for personal use","aria.whatsNew.copilotPersonal":"Copilot for personal
use What's new","link.whatsNew.aiInWindows":"AI in Windows","aria.whatsNew.aiInWindows":"AI in Windows What's
new","link.whatsNew.exploreProducts":"Explore Microsoft products","aria.whatsNew.exploreProducts":"Explore Microsoft
products What's new","link.whatsNew.windows11Apps":"Windows 11 apps","aria.whatsNew.windows11Apps":"Windows
11 apps What's new","link.store.accountProfile":"Account profile","aria.store.accountProfile":"Account profile Microsoft
Store","link.store.downloadCenter":"Download Center","aria.store.downloadCenter":"Download Center Microsoft
Store","link.store.support":"Microsoft Store support","aria.store.support":"Microsoft Store support Microsoft
Store","link.store.returns":"Returns","aria.store.returns":"Returns Microsoft Store","link.store.orderTracking":"Order
tracking","aria.store.orderTracking":"Order tracking Microsoft Store","link.store.certifiedRefurbished":"Certified
Refurbished","aria.store.certifiedRefurbished":"Certified Refurbished Microsoft Store","link.store.promise":"Microsoft
Store Promise","aria.store.promise":"Microsoft Store Promise Microsoft Store","link.store.flexiblePayments":"Flexible
Payments","aria.store.flexiblePayments":"Flexible Payments Microsoft
Store","link.education.microsoftInEducation":"Microsoft in education","aria.education.microsoftInEducation":"Microsoft in
education Education","link.education.devices":"Devices for education","aria.education.devices":"Devices for education
Education","link.education.teams":"Microsoft Teams for Education","aria.education.teams":"Microsoft Teams for Education
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 33 of 40

Education","link.education.m365":"Microsoft 365 Education","aria.education.m365":"Microsoft 365 Education
Education","link.education.howToBuy":"How to buy for your school","aria.education.howToBuy":"How to buy for your
school Education","link.education.training":"Educator training and development","aria.education.training":"Educator
training and development Education","link.education.deals":"Deals for students and parents","aria.education.deals":"Deals
for students and parents Education","link.education.ai":"AI for education","aria.education.ai":"AI for education
Education","link.business.microsoftAi":"Microsoft AI","aria.business.microsoftAi":"Microsoft AI
Business","link.business.security":"Microsoft Security","aria.business.security":"Microsoft Security
Business","link.business.dynamics":"Dynamics 365","aria.business.dynamics":"Dynamics 365
Business","link.business.m365":"Microsoft 365","aria.business.m365":"Microsoft 365
Business","link.business.powerPlatform":"Microsoft Power Platform","aria.business.powerPlatform":"Microsoft Power
Platform Business","link.business.teams":"Microsoft Teams","aria.business.teams":"Microsoft Teams
Business","link.business.m365Copilot":"Microsoft 365 Copilot","aria.business.m365Copilot":"Microsoft 365 Copilot
Business","link.business.smallBusiness":"Small Business","aria.business.smallBusiness":"Small Business
Business","link.developer.azure":"Azure","aria.developer.azure":"Azure Developer &
IT","link.developer.developerCenter":"Microsoft Developer","aria.developer.developerCenter":"Microsoft Developer
Developer & IT","link.developer.learn":"Microsoft Learn","aria.developer.learn":"Microsoft Learn Developer &
IT","link.developer.aiMarketplace":"Support for AI marketplace apps","aria.developer.aiMarketplace":"Support for AI
marketplace apps Developer & IT","link.developer.techCommunity":"Microsoft Tech
Community","aria.developer.techCommunity":"Microsoft Tech Community Developer &
IT","link.developer.marketplace":"Microsoft Marketplace","aria.developer.marketplace":"Microsoft Marketplace Developer
& IT","link.developer.marketplaceRewards":"Marketplace Rewards","aria.developer.marketplaceRewards":"Marketplace
Rewards Developer & IT","link.developer.visualStudio":"Visual Studio","aria.developer.visualStudio":"Visual Studio
Developer & IT","link.company.careers":"Careers","aria.company.careers":"Careers
Company","link.company.about":"About Microsoft","aria.company.about":"About Microsoft
Company","link.company.news":"Company news","aria.company.news":"Company news
Company","link.company.privacy":"Privacy at Microsoft","aria.company.privacy":"Privacy at Microsoft
Company","link.company.investors":"Investors","aria.company.investors":"Investors
Company","link.company.diversity":"Diversity and inclusion","aria.company.diversity":"Diversity and inclusion
Company","link.company.accessibility":"Accessibility","aria.company.accessibility":"Accessibility
Company","link.company.sustainability":"Sustainability","aria.company.sustainability":"Sustainability
Company","ccpa.label":"Your Privacy Choices","consumerhealthprivacy.label":"Consumer Health
Privacy","corp.sitemap":"Sitemap","corp.contact":"Contact
Microsoft","corp.privacy":"Privacy","corp.manageCookies":"Manage cookies","corp.terms":"Terms of
use","corp.trademarks":"Trademarks","corp.safetyEco":"Safety &
eco","corp.recycling":"Recycling","corp.aboutAds":"About our
ads","corp.microsoft":"Microsoft","social.linkedin.alt":"Share to LinkedIn","social.linkedin.label":"Share on
LinkedIn","social.facebook.alt":"Share to Facebook","social.facebook.label":"Share on Facebook","social.x.alt":"Share to
X","social.x.label":"Share on X","social.reddit.alt":"Share to Reddit","social.reddit.label":"Share on
Reddit","social.bluesky.alt":"Share to Blue Sky","social.bluesky.label":"Share on Bluesky","social.rss.alt":"Subscribe to
RSS","social.rss.label":"Share on RSS","social.email.alt":"Share to Email","social.email.label":"Share on
Email"},"defaults":{"config":{"applicablePages":[],"description":"The Microsoft
Footer","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":
[],"__typename":"ComponentProperties"},"components":
[{"id":"custom.widget.MicrosoftFooter","form":null,"config":null,"props":
[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":
{"applicablePages":[],"description":"The Microsoft
Footer","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":
[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":
{"css":".custom_widget_MicrosoftFooter_context-uhf_qp4x5_1 {\r\n min-width: 17.5rem;\r\n font-size: 0.9375rem;\r\n
box-sizing: border-box;\r\n -ms-text-size-adjust: 100%;\r\n -webkit-text-size-adjust: 100%;\r\n & *,\r\n & *:before,\r\n &
*:after {\r\n box-sizing: inherit;\r\n }\r\n a.custom_widget_MicrosoftFooter_c-uhff-link_qp4x5_23 {\r\n color: #616161;\r\n
word-break: break-word;\r\n text-decoration: none;\r\n }\r\n &a:link,\r\n &a:focus,\r\n &a:hover,\r\n &a:active,\r\n
&a:visited {\r\n text-decoration: none;\r\n color: inherit;\r\n }\r\n & div {\r\n font-family: 'Segoe UI', SegoeUI, 'Helvetica
Neue', Helvetica, Arial, sans-serif;\r\n }\r\n}\r\n.custom_widget_MicrosoftFooter_c-uhff_qp4x5_23 {\r\n background:
#f2f2f2;\r\n margin: -1.5625;\r\n width: auto;\r\n height: auto;\r\n}\r\n.custom_widget_MicrosoftFooter_c-uhff-nav_qp4x5_69 {\r\n margin: 0 auto;\r\n max-width: calc(100rem + 10%);\r\n padding: 0 5%;\r\n box-sizing: inherit;\r\n
&:before,\r\n &:after {\r\n content: ' ';\r\n display: table;\r\n clear: left;\r\n }\r\n @media only screen and (max-width:
1083px) {\r\n padding-left: 0.75rem;\r\n }\r\n .custom_widget_MicrosoftFooter_c-heading-4_qp4x5_97 {\r\n color:
#616161;\r\n word-break: break-word;\r\n font-size: 0.9375rem;\r\n line-height: 1.25rem;\r\n padding: 2.25rem 0
0.25rem;\r\n font-weight: 600;\r\n }\r\n .custom_widget_MicrosoftFooter_c-uhff-nav-row_qp4x5_113 {\r\n
.custom_widget_MicrosoftFooter_c-uhff-nav-group_qp4x5_115 {\r\n display: block;\r\n float: left;\r\n min-height:
0.0625rem;\r\n vertical-align: text-top;\r\n padding: 0 0.75rem;\r\n width: 100%;\r\n zoom: 1;\r\n &:first-child {\r\n padding-left: 0;\r\n @media only screen and (max-width: 1083px) {\r\n padding-left: 0.75rem;\r\n }\r\n }\r\n @media only screen
and (min-width: 540px) and (max-width: 1082px) {\r\n width: 33.33333%;\r\n }\r\n @media only screen and (min-width:
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 34 of 40

1083px) {\r\n width: 16.6666666667%;\r\n }\r\n ul.custom_widget_MicrosoftFooter_c-list_qp4x5_155.custom_widget_MicrosoftFooter_f-bare_qp4x5_155 {\r\n font-size: 0.6875rem;\r\n line-height: 1rem;\r\n
margin-top: 0;\r\n margin-bottom: 0;\r\n padding-left: 0;\r\n list-style-type: none;\r\n li {\r\n word-break: break-word;\r\n
padding: 0.5rem 0;\r\n margin: 0;\r\n }\r\n }\r\n }\r\n }\r\n}\r\n.custom_widget_MicrosoftFooter_c-uhff-base_qp4x5_187
{\r\n background: #f2f2f2;\r\n margin: 0 auto;\r\n max-width: calc(100rem + 10%);\r\n padding: 1.875rem 5% 1rem;\r\n
&:before,\r\n &:after {\r\n content: ' ';\r\n display: table;\r\n }\r\n &:after {\r\n clear: both;\r\n }\r\n
a.custom_widget_MicrosoftFooter_c-uhff-ccpa_qp4x5_213,\r\n a.custom_widget_MicrosoftFooter_c-uhff-consumer_qp4x5_215 {\r\n display: flex;\r\n float: left;\r\n font-size: 0.6875rem;\r\n line-height: 1rem;\r\n padding: 0.25rem
1.5rem 0 0;\r\n }\r\n a.custom_widget_MicrosoftFooter_c-uhff-ccpa_qp4x5_213:hover,\r\n
a.custom_widget_MicrosoftFooter_c-uhff-consumer_qp4x5_215:hover {\r\n text-decoration: underline;\r\n }\r\n
ul.custom_widget_MicrosoftFooter_c-list_qp4x5_155 {\r\n font-size: 0.6875rem;\r\n line-height: 1rem;\r\n float: right;\r\n
margin: 0.1875rem 0;\r\n color: #616161;\r\n li {\r\n padding: 0 1.5rem 0.25rem 0;\r\n display: inline-block;\r\n }\r\n }\r\n
.custom_widget_MicrosoftFooter_c-list_qp4x5_155.custom_widget_MicrosoftFooter_f-bare_qp4x5_155 {\r\n padding-left:
0;\r\n list-style-type: none;\r\n }\r\n @media only screen and (max-width: 1083px) {\r\n display: flex;\r\n flex-wrap:
wrap;\r\n padding: 1.875rem 1.5rem 1rem;\r\n }\r\n}\r\n.custom_widget_MicrosoftFooter_social-share_qp4x5_281 {\r\n
position: fixed;\r\n top: 60%;\r\n transform: translateY(-50%);\r\n left: 0;\r\n z-index:
1000;\r\n}\r\n.custom_widget_MicrosoftFooter_sharing-options_qp4x5_297 {\r\n list-style: none;\r\n padding: 0;\r\n
margin: 0;\r\n display: block;\r\n flex-direction: column;\r\n background-color: white;\r\n width: 3.125rem;\r\n border-radius: 0 0.4375rem 0.4375rem 0;\r\n}\r\n.custom_widget_MicrosoftFooter_linkedin-icon_qp4x5_317 {\r\n border-top-right-radius: 7px;\r\n}\r\n.custom_widget_MicrosoftFooter_linkedin-icon_qp4x5_317:hover {\r\n border-radius:
0;\r\n}\r\n.custom_widget_MicrosoftFooter_social-share-email-image_qp4x5_331:hover {\r\n border-radius:
0;\r\n}\r\n.custom_widget_MicrosoftFooter_social-link-footer_qp4x5_339:hover
.custom_widget_MicrosoftFooter_linkedin-icon_qp4x5_317 {\r\n border-radius:
0;\r\n}\r\n.custom_widget_MicrosoftFooter_social-link-footer_qp4x5_339:hover .custom_widget_MicrosoftFooter_social-share-email-image_qp4x5_331 {\r\n border-radius: 0;\r\n}\r\n.custom_widget_MicrosoftFooter_social-link-footer_qp4x5_339 img {\r\n width: 1.875rem;\r\n height: auto;\r\n transition: filter 0.3s
ease;\r\n}\r\n.custom_widget_MicrosoftFooter_social-share-list_qp4x5_365 {\r\n width:
3.125rem;\r\n}\r\n.custom_widget_MicrosoftFooter_social-share-rss-image_qp4x5_371 {\r\n width: 1.875rem;\r\n height:
auto;\r\n transition: filter 0.3s ease;\r\n}\r\n.custom_widget_MicrosoftFooter_sharing-options_qp4x5_297 li {\r\n width:
3.125rem;\r\n height: 3.125rem;\r\n padding: 0.5rem;\r\n box-sizing: border-box;\r\n border: 2px solid white;\r\n display:
inline-block;\r\n text-align: center;\r\n opacity: 1;\r\n visibility: visible;\r\n transition: border 0.3s ease; /* Smooth transition
effect */\r\n border-left: none;\r\n border-bottom: none; /* Apply bottom border to only last item
*/\r\n}\r\n.custom_widget_MicrosoftFooter_social-share-list-linkedin_qp4x5_411 {\r\n background-color: #0474b4;\r\n
border-top-right-radius: 5px; /* Rounded top right corner of first item*/\r\n}\r\n.custom_widget_MicrosoftFooter_social-share-list-facebook_qp4x5_419 {\r\n background-color: #3c5c9c;\r\n}\r\n.custom_widget_MicrosoftFooter_social-share-list-xicon_qp4x5_425 {\r\n background-color: #000;\r\n}\r\n.custom_widget_MicrosoftFooter_social-share-list-reddit_qp4x5_431 {\r\n background-color: #fc4404;\r\n}\r\n.custom_widget_MicrosoftFooter_social-share-list-bluesky_qp4x5_437 {\r\n background-color: #f0f2f5;\r\n}\r\n.custom_widget_MicrosoftFooter_social-share-list-rss_qp4x5_443 {\r\n background-color: #ec7b1c;\r\n}\r\n.custom_widget_MicrosoftFooter_social-share-list-mail_qp4x5_449 {\r\n background-color: #848484;\r\n border-bottom-right-radius: 5px; /* Rounded bottom right corner of
last item*/\r\n}\r\n.custom_widget_MicrosoftFooter_sharing-options_qp4x5_297 li.custom_widget_MicrosoftFooter_social-share-list-mail_qp4x5_449 {\r\n border-bottom: 2px solid white; /* Add bottom border only to the last item */\r\n height:
3.25rem; /* Increase last child height to make in align with the hover label */\r\n}\r\n.custom_widget_MicrosoftFooter_x-icon_qp4x5_465 {\r\n filter: invert(100%);\r\n transition: filter 0.3s ease;\r\n width: 1.25rem !important;\r\n height: auto;\r\n
padding-top: 0.3125rem !important;\r\n}\r\n.custom_widget_MicrosoftFooter_bluesky-icon_qp4x5_479 {\r\n filter:
invert(20%) sepia(100%) saturate(3000%) hue-rotate(180deg);\r\n transition: filter 0.3s ease;\r\n padding-top: 0.3125rem
!important;\r\n width: 1.5625rem !important;\r\n}\r\n.custom_widget_MicrosoftFooter_share-icon_qp4x5_493 {\r\n border:
2px solid transparent;\r\n display: inline-block;\r\n position: relative;\r\n}\r\n.custom_widget_MicrosoftFooter_sharing-options_qp4x5_297 li:hover {\r\n border: 2px solid white;\r\n border-left: none;\r\n border-bottom: none;\r\n border-radius:
0;\r\n}\r\n.custom_widget_MicrosoftFooter_sharing-options_qp4x5_297 li.custom_widget_MicrosoftFooter_social-share-list-mail_qp4x5_449:hover {\r\n border-bottom: 2px solid white; /* Add bottom border only to the last item
*/\r\n}\r\n.custom_widget_MicrosoftFooter_sharing-options_qp4x5_297 li:hover
.custom_widget_MicrosoftFooter_label_qp4x5_525 {\r\n opacity: 1;\r\n visibility: visible;\r\n border: 2px solid white;\r\n
box-sizing: border-box;\r\n border-left: none;\r\n}\r\n.custom_widget_MicrosoftFooter_label_qp4x5_525 {\r\n position:
absolute;\r\n left: 100%;\r\n white-space: nowrap;\r\n opacity: 0;\r\n visibility: hidden;\r\n transition: all 0.2s ease;\r\n color:
white;\r\n border-radius: 0 10 0 0.625rem;\r\n top: 50%;\r\n transform: translateY(-50%);\r\n height: 3.25rem;\r\n display:
flex;\r\n align-items: center;\r\n justify-content: center;\r\n padding: 0.625rem 0.75rem 0.9375rem 0.5rem;\r\n border: 2px
solid white;\r\n}\r\n.custom_widget_MicrosoftFooter_linkedin_qp4x5_317 {\r\n background-color: #0474b4;\r\n border-top-right-radius: 5px; /* Rounded top right corner of first
item*/\r\n}\r\n.custom_widget_MicrosoftFooter_facebook_qp4x5_585 {\r\n background-color:
#3c5c9c;\r\n}\r\n.custom_widget_MicrosoftFooter_twitter_qp4x5_591 {\r\n background-color: black;\r\n color:
white;\r\n}\r\n.custom_widget_MicrosoftFooter_reddit_qp4x5_599 {\r\n background-color:
#fc4404;\r\n}\r\n.custom_widget_MicrosoftFooter_mail_qp4x5_605 {\r\n background-color: #848484;\r\n border-bottom-right-radius: 5px; /* Rounded bottom right corner of last
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 35 of 40

item*/\r\n}\r\n.custom_widget_MicrosoftFooter_bluesky_qp4x5_479 {\r\n background-color: #f0f2f5;\r\n color:
black;\r\n}\r\n.custom_widget_MicrosoftFooter_rss_qp4x5_621 {\r\n background-color: #ec7b1c;\r\n}\r\n@media (max-width: 991px) {\r\n .custom_widget_MicrosoftFooter_social-share_qp4x5_281 {\r\n display: none;\r\n }\r\n}\r\n","tokens":
{"context-uhf":"custom_widget_MicrosoftFooter_context-uhf_qp4x5_1","c-uhff-link":"custom_widget_MicrosoftFooter_c-uhff-link_qp4x5_23","c-uhff":"custom_widget_MicrosoftFooter_c-uhff_qp4x5_23","c-uhff-nav":"custom_widget_MicrosoftFooter_c-uhff-nav_qp4x5_69","c-heading-4":"custom_widget_MicrosoftFooter_c-heading-4_qp4x5_97","c-uhff-nav-row":"custom_widget_MicrosoftFooter_c-uhff-nav-row_qp4x5_113","c-uhff-nav-group":"custom_widget_MicrosoftFooter_c-uhff-nav-group_qp4x5_115","c-list":"custom_widget_MicrosoftFooter_c-list_qp4x5_155","f-bare":"custom_widget_MicrosoftFooter_f-bare_qp4x5_155","c-uhff-base":"custom_widget_MicrosoftFooter_c-uhff-base_qp4x5_187","c-uhff-ccpa":"custom_widget_MicrosoftFooter_c-uhff-ccpa_qp4x5_213","c-uhff-consumer":"custom_widget_MicrosoftFooter_c-uhff-consumer_qp4x5_215","social-share":"custom_widget_MicrosoftFooter_social-share_qp4x5_281","sharing-options":"custom_widget_MicrosoftFooter_sharing-options_qp4x5_297","linkedin-icon":"custom_widget_MicrosoftFooter_linkedin-icon_qp4x5_317","social-share-email-image":"custom_widget_MicrosoftFooter_social-share-email-image_qp4x5_331","social-link-footer":"custom_widget_MicrosoftFooter_social-link-footer_qp4x5_339","social-share-list":"custom_widget_MicrosoftFooter_social-share-list_qp4x5_365","social-share-rss-image":"custom_widget_MicrosoftFooter_social-share-rss-image_qp4x5_371","social-share-list-linkedin":"custom_widget_MicrosoftFooter_social-share-list-linkedin_qp4x5_411","social-share-list-facebook":"custom_widget_MicrosoftFooter_social-share-list-facebook_qp4x5_419","social-share-list-xicon":"custom_widget_MicrosoftFooter_social-share-list-xicon_qp4x5_425","social-share-list-reddit":"custom_widget_MicrosoftFooter_social-share-list-reddit_qp4x5_431","social-share-list-bluesky":"custom_widget_MicrosoftFooter_social-share-list-bluesky_qp4x5_437","social-share-list-rss":"custom_widget_MicrosoftFooter_social-share-list-rss_qp4x5_443","social-share-list-mail":"custom_widget_MicrosoftFooter_social-share-list-mail_qp4x5_449","x-icon":"custom_widget_MicrosoftFooter_x-icon_qp4x5_465","bluesky-icon":"custom_widget_MicrosoftFooter_bluesky-icon_qp4x5_479","share-icon":"custom_widget_MicrosoftFooter_share-icon_qp4x5_493","label":"custom_widget_MicrosoftFooter_label_qp4x5_525","linkedin":"custom_widget_MicrosoftFooter_linkedin_qp4x5_317","faceb
components/community/Breadcrumb-1775111751202":{"__typename":"CachedAsset","id":"text:en_US-components/community/Breadcrumb-1775111751202","value":{"navLabel":"Breadcrumbs","dropdown":"Additional parent
page navigation"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageBanner-1775111751202":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageBanner-1775111751202","value":{"messageMarkedAsSpam":"This post has been marked as
spam","messageMarkedAsSpam@board:TKB":"This article has been marked as
spam","messageMarkedAsSpam@board:BLOG":"This post has been marked as
spam","messageMarkedAsSpam@board:FORUM":"This discussion has been marked as
spam","messageMarkedAsSpam@board:OCCASION":"This event has been marked as
spam","messageMarkedAsSpam@board:IDEA":"This idea has been marked as spam","manageSpam":"Manage
Spam","messageMarkedAsAbuse":"This post has been marked as abuse","messageMarkedAsAbuse@board:TKB":"This
article has been marked as abuse","messageMarkedAsAbuse@board:BLOG":"This post has been marked as
abuse","messageMarkedAsAbuse@board:FORUM":"This discussion has been marked as
abuse","messageMarkedAsAbuse@board:OCCASION":"This event has been marked as
abuse","messageMarkedAsAbuse@board:IDEA":"This idea has been marked as
abuse","preModCommentAuthorText":"This comment will be published as soon as it is
approved","preModCommentModeratorText":"This comment is awaiting moderation","messageMarkedAsOther":"This post
has been rejected due to other reasons","messageMarkedAsOther@board:TKB":"This article has been rejected due to other
reasons","messageMarkedAsOther@board:BLOG":"This post has been rejected due to other
reasons","messageMarkedAsOther@board:FORUM":"This discussion has been rejected due to other
reasons","messageMarkedAsOther@board:OCCASION":"This event has been rejected due to other
reasons","messageMarkedAsOther@board:IDEA":"This idea has been rejected due to other
reasons","messageArchived":"This post was archived on {date}","relatedUrl":"View Related
Content","relatedContentText":"Showing related content","archivedContentLink":"View Archived
Content"},"localOverride":false},"Category:category:Exchange":
{"__typename":"Category","id":"category:Exchange","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Outlook":
{"__typename":"Category","id":"category:Outlook","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Community-Info-Center":
{"__typename":"Category","id":"category:Community-Info-Center","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:EducationSector":
{"__typename":"Category","id":"category:EducationSector","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:DrivingAdoption":
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 36 of 40

{"__typename":"Category","id":"category:DrivingAdoption","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Azure":
{"__typename":"Category","id":"category:Azure","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Windows-Server":
{"__typename":"Category","id":"category:Windows-Server","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:MicrosoftTeams":
{"__typename":"Category","id":"category:MicrosoftTeams","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:PublicSector":
{"__typename":"Category","id":"category:PublicSector","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:microsoft365":
{"__typename":"Category","id":"category:microsoft365","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:IoT":
{"__typename":"Category","id":"category:IoT","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:HealthcareAndLifeSciences":
{"__typename":"Category","id":"category:HealthcareAndLifeSciences","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:ITOpsTalk":
{"__typename":"Category","id":"category:ITOpsTalk","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:MicrosoftMechanics":
{"__typename":"Category","id":"category:MicrosoftMechanics","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:MicrosoftforNonprofits":
{"__typename":"Category","id":"category:MicrosoftforNonprofits","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:PartnerCommunity":
{"__typename":"Category","id":"category:PartnerCommunity","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Microsoft365Copilot":
{"__typename":"Category","id":"category:Microsoft365Copilot","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Windows":
{"__typename":"Category","id":"category:Windows","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Content_Management":
{"__typename":"Category","id":"category:Content_Management","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:CommunityNewsDesk":
{"__typename":"Category","id":"category:CommunityNewsDesk","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:microsoft-learn-for-educators":
{"__typename":"Category","id":"category:microsoft-learn-for-educators","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:mvp":
{"__typename":"Category","id":"category:mvp","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:microsoftintune":
{"__typename":"Category","id":"category:microsoftintune","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:microsoft-global-community-initiative":
{"__typename":"Category","id":"category:microsoft-global-community-initiative","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:usergroups":
{"__typename":"Category","id":"category:usergroups","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Category:category:skills-hub":
{"__typename":"Category","id":"category:skills-hub","categoryPolicies":
{"__typename":"CategoryPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"Blog:board:skills-hub-blog":
{"__typename":"Blog","id":"board:skills-hub-blog","blogPolicies":{"__typename":"BlogPolicies","canReadNode":
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 37 of 40

{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":
{"__typename":"PolicyResult","failureReason":null}}},"CachedAsset:text:en_US-components/community/Navbar-1775111751202":{"__typename":"CachedAsset","id":"text:en_US-components/community/Navbar-1775111751202","value":{"community":"Community Home","inbox":"Inbox","manageContent":"Manage
Content","tos":"Terms of Service","forgotPassword":"Forgot Password","themeEditor":"Theme Editor","edit":"Edit
Navigation Bar","skipContent":"Skip to content","gxcuf89792":"Tech Community","windows-server":"Windows
Server","ms-learn-ext-security":"Microsoft Security","Common_Enntvz-i-t-ops-talk-link":"ITOps Talk","education-sector":"Education Sector","Common-external-link-9":"Microsoft 365","Common-external-link-8":"Dynamics
365","Common-external-link-7":"Skilling Room Directory","Common-external-link-6":"Events","Common-external-link-5":"Blogs","Common-external-link-4":"View All","Common-gxcuf89792-community":"Community","Common-external-link-3":"Topics","microsoft365":"Microsoft 365","Common_Enntvz-community-news-desk-link":"Community News
Desk","Common_Enntvz-azure-link":"Azure","Common-community-info-center-link":"Lounge","azure":"Azure","Common_Enntvz-windows-link":"Windows","Common_Enntvz-education-sector-link":"Education Sector","Common-windows-server-link":"Windows Server","products-link":"Products","Common_Enntvz-partner-community-link":"Microsoft Partner Community","microsoft-learn-blog":"Blog","Common-external-link-2":"View All","community-hub-link":"Community Hubs","Common-mvp-link":"Microsoft MVP Program","community-info-center":"Lounge","microsoft-endpoint-manager":"Microsoft
Intune","startupsat-microsoft":"Startups at Microsoft","ms-learn-ext-azure":"Azure","Common_Enntvz-content_management-link":"Content Management","ms-learn-ext-github":"Github","Common-microsoft365-
link":"Microsoft 365","Common-i-t-ops-talk-link":"ITOps Talk","Common_Enntvz-view-all-products-link":"View
All","Common-microsoft-global-community-initiative-link":"Microsoft Global Community Initiative (MGCI)","all-events-link":"Events","Common_Enntvz-microsoft-learn-for-educators-link":"Microsoft Learn for Educators","Common-external-link":"Community Hubs","Common-partner-community-link":"Microsoft Partner Community","Common-microsoft-learn-for-educators-link":"Microsoft Learn for Educators","Common_Enntvz-microsoft-teams-link":"Microsoft Teams","driving-adoption":"Driving Adoption","microsoft-learn":"Microsoft Learn","Common-healthcare-and-life-sciences-link":"Healthcare and Life Sciences","planner":"Outlook","Common_Enntvz-exchange-link":"Exchange","healthcare-and-life-sciences":"Healthcare and Life Sciences","Common-external-link-10":"View All","Common-driving-adoption-link":"Driving Adoption","ms-learn-ext-pp":"Power Platform","Common_Enntvz-windows-server-link":"Windows
Server","Common-io-t-link":"Internet of Things (IoT)","Skills-Hub":"Skills Hub","microsoft-teams":"Microsoft
Teams","Common-outlook-link":"Outlook","Common_Enntvz-public-sector-link":"Public Sector","Common-windows-link":"Windows","all-blogs-link":"Blogs","communities":"Products","Common_Enntvz-usergroups-link":"User
Groups","Common_Enntvz-microsoft-global-community-initiative-link":"Microsoft Global Community Initiative
(MGCI)","Skills-Hub-link":"Community","Common_Enntvz-io-t-link":"Internet of Things (IoT)","ms-learn-ext-m365":"Microsoft 365","Common_Enntvz-microsoft-mechanics-link":"Microsoft Mechanics","microsoft-learn-community":"Community","partner-community":"Microsoft Partner Community","Common-microsoft-mechanics-link":"Microsoft Mechanics","Common_Enntvz-healthcare-and-life-sciences-link":"Healthcare and Life
Sciences","microsoft-mechanics":"Microsoft Mechanics","Common-microsoft-security-link":"Microsoft
Security","Common-education-sector-link":"Education Sector","Skills-Hub-Blog":"Blog","i-t-ops-talk":"ITOps
Talk","microsoft-securityand-compliance":"Microsoft Security","Common_Enntvz-microsoftintune-link":"Microsoft
Intune","Common-azure-link":"Azure","Common-microsoftintune-link":"Microsoft Intune","Common_Enntvz-view-all-topics-link":"View All","Common-usergroups-link":"User Groups","Common-public-sector-link":"Public
Sector","Common_Enntvz-microsoft-security-link":"Microsoft Security","Common_Enntvz-outlook-link":"Outlook","Common_Enntvz-mvp-link":"Microsoft MVP Program","exchange":"Exchange","topics-link":"Topics","io-t":"Internet of Things (IoT)","Common-microsoft365-copilot-link":"Microsoft 365 Copilot","Common-microsoft-teams-link":"Microsoft Teams","s-m-b":"Nonprofit Community","Common_Enntvz-community-info-center-link":"Lounge","Common_Enntvz-microsoft365-copilot-link":"Microsoft 365 Copilot","Common_Enntvz-microsoftfor-nonprofits-link":"Nonprofit Community","Common_Enntvz-microsoft365-link":"Microsoft 365","Common-content_management-link":"Content Management","ms-learn-ext-teams":"Teams","s-q-l-server":"Content
Management","products-services":"Products","Common-community-news-desk-link":"Community News Desk","ms-learn-ext-LD":"Skilling Room Directory","Common-exchange-link":"Exchange","Common-gxcuf89792-link":"Tech
Community","windows":"Windows","public-sector":"Public Sector","Common_Enntvz-driving-adoption-link":"Driving
Adoption","Common-microsoftfor-nonprofits-link":"Nonprofit Community","ms-learn-ext-net":".NET","ms-learn-ext-dynamics":"Dynamics 365","a-i":"AI and Machine Learning","outlook":"Microsoft 365
Copilot"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarHamburgerDropdown-1775111751202":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarHamburgerDropdown-1775111751202","value":{"hamburgerLabelOpen":"Open Side Menu","hamburgerLabelClose":"Close Side
Menu"},"localOverride":false},"CachedAsset:text:en_US-components/community/BrandLogo-1775111751202":
{"__typename":"CachedAsset","id":"text:en_US-components/community/BrandLogo-1775111751202","value":
{"logoAlt":"Khoros","themeLogoAlt":"Brand Logo","linkAriaLabel":"Go to community home
page"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarTextLinks-1775111751202":
{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarTextLinks-1775111751202","value":
{"more":"More"},"localOverride":false},"CachedAsset:text:en_US-components/search/SpotlightSearchIcon-1775111751202":{"__typename":"CachedAsset","id":"text:en_US-components/search/SpotlightSearchIcon-1775111751202","value":{"search":"Search"},"localOverride":false},"CachedAsset:text:en_US-https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 38 of 40

components/authentication/AuthenticationLink-1775111751202":{"__typename":"CachedAsset","id":"text:en_US-components/authentication/AuthenticationLink-1775111751202","value":{"title.login":"Sign
In","title.registration":"Register","title.forgotPassword":"Forgot Password","title.multiAuthLogin":"Sign
In"},"localOverride":false},"CachedAsset:text:en_US-components/nodes/NodeLink-1775111751202":
{"__typename":"CachedAsset","id":"text:en_US-components/nodes/NodeLink-1775111751202","value":{"place":"Go back
to {name}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageView/MessageViewStandard-1775111751202":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageView/MessageViewStandard-1775111751202","value":
{"anonymous":"Anonymous","author":"{messageAuthorLogin}","authorBy":"{messageAuthorLogin}","board":"
{messageBoardTitle}","replyToUser":" to {parentAuthor}","showMoreReplies":"Show
More","replyText":"Reply","repliesText":"Replies","markedAsSolved":"Marked as Solution","messageStatus":"Status:
","statusChanged":"Status changed: {previousStatus} to {currentStatus}","statusAdded":"Status added:
{status}","statusRemoved":"Status removed: {status}","labelExpand":"expand replies","labelCollapse":"collapse
replies","unhelpfulReason.reason1":"Content is outdated","unhelpfulReason.reason2":"Article is missing
information","unhelpfulReason.reason3":"Content is for a different Product","unhelpfulReason.reason4":"Doesn't match
what I was searching for"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageReplyCallToAction-1775111751202":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageReplyCallToAction-1775111751202","value":{"leaveReply":"Leave a
reply...","leaveReply@board:BLOG@message:root":"Leave a
comment...","leaveReply@board:TKB@message:root":"Leave a
comment...","leaveReply@board:IDEA@message:root":"Leave a
comment...","leaveReply@board:OCCASION@message:root":"Leave a comment...","repliesTurnedOff.FORUM":"Replies
are turned off for this topic","repliesTurnedOff.BLOG":"Comments are turned off for this
topic","repliesTurnedOff.TKB":"Comments are turned off for this topic","repliesTurnedOff.IDEA":"Comments are turned
off for this topic","repliesTurnedOff.OCCASION":"Comments are turned off for this topic","infoText":"Stop poking
me!"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1775111751202":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarDropdownToggle-1775111751202","value":{"ariaLabelClosed":"Press the down arrow to open the
menu"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageCoverImage-1775111751202":
{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageCoverImage-1775111751202","value":
{"coverImageTitle":"Cover Image"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/nodes/NodeTitle-1775111751202":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/nodes/NodeTitle-1775111751202","value":{"nodeTitle":"{nodeTitle, select, community
{Community} other {{nodeTitle}}} "},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageTimeToRead-1775111751202":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageTimeToRead-1775111751202","value":{"minReadText":"{min} MIN
READ"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageSubject-1775111751202":
{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageSubject-1775111751202","value":
{"noSubject":"(no subject)"},"localOverride":false},"CachedAsset:text:en_US-components/users/UserLink-1775111751202":{"__typename":"CachedAsset","id":"text:en_US-components/users/UserLink-1775111751202","value":
{"authorName":"View Profile: {author}","anonymous":"Anonymous","ariaLabel.rank":"Rank:
{rankName}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/users/UserRank-1775111751202":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/users/UserRank-1775111751202","value":{"rankName":"{rankName}","userRank":"Author rank
{rankName}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageTime-1775111751202":
{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageTime-1775111751202","value":
{"postTime":"Published: {time}","lastPublishTime":"Last Update: {time}","conversation.lastPostingActivityTime":"Last
posting activity time: {time}","conversation.lastPostTime":"Last post time: {time}","moderationData.rejectTime":"Rejected
time: {time}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageBody-1775111751202":
{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageBody-1775111751202","value":
{"showMessageBody":"Show More","mentionsErrorTitle":"{mentionsType, select, board {Board} user {User} message
{Message} other {}} No Longer Available","mentionsErrorMessage":"The {mentionsType} you are trying to view has been
removed from the community.","videoProcessing":"Video is being processed. Please try again in a few
minutes.","bannerTitle":"Video provider requires cookies to play the video. Accept to continue or {url} it directly on the
provider's site.","buttonTitle":"Accept","urlText":"watch"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageCustomFields-1775111751202":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageCustomFields-1775111751202","value":{"CustomField.default.label":"Value of
{name}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageRevision-1775111751202":
{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageRevision-1775111751202","value":
{"lastUpdatedDatePublished":"{publishCount, plural, one{Published} other{Updated}}
{date}","lastUpdatedDateDraft":"Created {date}","version":"Version {major}.
{minor}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/QueryHandler-1775111751202":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/QueryHandler-1775111751202","value":{"title":"Query Handler"},"localOverride":false},"CachedAsset:text:en_US-https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 39 of 40

components/tags/TagList-1775111751202":{"__typename":"CachedAsset","id":"text:en_US-components/tags/TagList-1775111751202","value":{"showMoreFor":"Show more for {title}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageReplyButton-1775111751202":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageReplyButton-1775111751202","value":{"repliesCount":"
{count}","title":"Reply","title@board:BLOG@message:root":"Comment","title@board:TKB@message:root":"Comment","title@board:IDEA@message:
components/messages/MessageAuthorBio-1775111751202":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageAuthorBio-1775111751202","value":{"sendMessage":"Send
Message","actionMessage":"Follow this blog board to get notified when there's new activity","coAuthor":"CO-PUBLISHER","contributor":"CONTRIBUTOR","userProfile":"View Profile","iconlink":"Go to {name}
{type}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1775111751202":
{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/users/UserAvatar-1775111751202","value":
{"altText":"{login}'s avatar","altTextGeneric":"User's avatar"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/ranks/UserRankLabel-1775111751202":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/ranks/UserRankLabel-1775111751202","value":{"altTitle":"Icon for {rankName}
rank"},"localOverride":false},"CachedAsset:text:en_US-components/tags/TagView/TagViewChip-1775111751202":
{"__typename":"CachedAsset","id":"text:en_US-components/tags/TagView/TagViewChip-1775111751202","value":
{"tagLabelName":"Tag name {tagName}"},"localOverride":false},"CachedAsset:text:en_US-components/users/UserRegistrationDate-1775111751202":{"__typename":"CachedAsset","id":"text:en_US-components/users/UserRegistrationDate-1775111751202","value":{"noPrefix":"{date}","withPrefix":"Joined
{date}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/nodes/NodeAvatar-1775111751202":
{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/nodes/NodeAvatar-1775111751202","value":
{"altTitle":"Node avatar for {nodeTitle}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/nodes/NodeDescription-1775111751202":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/nodes/NodeDescription-1775111751202","value":{"description":"
{description}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1775111751202":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/nodes/NodeIcon-1775111751202","value":{"contentType":"Content Type {style, select, FORUM {Forum} BLOG {Blog} TKB {Knowledge
Base} IDEA {Ideas} OCCASION {Events} other {}}
icon"},"localOverride":false}}}},"page":"/blogs/BlogMessagePage/BlogMessagePage","query":
{"boardId":"coreinfrastructureandsecurityblog","messageSubject":"demystifying-ransomware-attacks-against-microsoft-defender-solution","messageId":"1928947"},"buildId":"VXuOn2D5MfObWEiRanLQ9","runtimeConfig":
{"buildInformationVisible":false,"logLevelApp":"info","logLevelMetrics":"info","surveysEnabled":true,"openTelemetry":
{"clientEnabled":false,"configName":"o365","serviceVersion":"26.1.0","universe":"prod","collector":"http://localhost:4318","logLevel":"error","routeCha
["components_community_Navbar_NavbarWidget","components_community_Breadcrumb_BreadcrumbWidget","components_customComponent_Custo
[{"id":"analytics","src":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/pagescripts/1751476272000/analytics.js?
page.id=BlogMessagePage&entity.id=board%3Acoreinfrastructureandsecurityblog&entity.id=message%3A1928947","strategy":"afterInteractive"}]}
Source: https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/19289
47
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/demystifying-ransomware-attacks-against-microsoft-defender/ba-p/1928947
Page 40 of 40