How Microsoft is Fighting Ransomware with New Phishing Simulations

Post Date: 08/17/2020
feature image

Protect your data while continuing to collaborate with our on-demand webinar “Protecting Sensitive Data in Office 365 at the Team and Data Levels.

What’s Ransomware and Phishing?

Ransomware is a form of malware that encrypts a victim’s files. By leveraging the encrypted data, the attacker will then require the victim to pay a ransom to restore access to their account or information.

Phishing is a type of cyber attack that can be leveraged for a ransomware attack. The goal here is to trick the recipient into believing an email they are receiving is legitimate and trying to coerce them into downloading malware or giving away their personal information.

Unfortunately, emails are more susceptible to phishing attacks than other platforms and services. Phishers are still able to identify targets and send emails that appear to look like they’re sent from co-workers, clients, and other seemingly reliable sources. An infamous comes to mind…


How Microsoft is Protecting Against Phishing

Although organizations want phishing emails to be blocked from ever entering their employees’ inboxes, the reality is that they need to constantly iterate on lists of URLs and attachments that need to be blocked. Via their roadmap, Microsoft has recently announced a new portal that will let admins explicitly allow or block ransomware.

Microsoft states, “We understand that from time to time, customers may want to ensure delivery of certain messages containing malicious content for specific reasons, such as phishing simulations and training.”

The growing popularity of this form of “spear phishing” is alarming for businesses, as the only obstacle standing between phishers and the information they want is generally the employee. No matter how advanced a company’s security measures are, they remain vulnerable if their employees are unprepared for these attacks.

Check out how Microsoft is leveraging phishing emails for employee training: Click To Tweet

Luckily, Office 365 Advanced Threat Protection will also offer admins an Attack Simulator tool that will be able to test employees on how they handle phishing, password spray, and ransomware attacks.

How Cloud Backup Solutions Help

But what if your employees aren’t prepared for these ransomware attacks and one of these phishing attacks succeeds? This is where cloud backup solutions shine. Cloud backup solutions will keep all of your organization’s files secure in the cloud and allow end-users to access them anytime, anywhere. They also offer protection in the form of encryption provided by your Cloud Service Provider.

Other features that should be considered when looking at third-party backup solutions are the ability to maintain version control and the ability to keep backup jobs scheduled throughout the day. This allows IT admins to execute time-based restores, giving them the power to restore the version of the data they need to ensure business continuity–even if said data was compromised.


As vital as backup is in the fight against ransomware, it’s also important to remember just how critical having a solution with restore capabilities and data-loss strategies is. Without features like multiple time-based backups end-users, admins, and IT organizations face constraints such as being unsure if the files that are restored are uncorrupted and uncompromised.

Organizations also risk losing varying amounts of progress if they can only restore outdated files. Therefore, having a cloud solution that has multiple backup times per day lets you identify the precise point-in-time to restore the data you need. This allows you to minimize any hindered progress that would have been lost had your assets been compromised by a successful phishing attack!

Microsoft’s newest tools for IT admins and a comprehensive cloud backup and recovery solution are critical components to any organization’s fight against malware. There are several steps and practices that admins can facilitate to minimize the chance of falling victim to a ransomware attack and reduce the impact on business. If you have any additional questions or comments please leave them below!

For more on data protection be sure to subscribe to our blog!

Spenser Bullock is a former AvePoint Channel Solutions Engineer, focused on enabling partners and their customers to utilize and maximize their Microsoft 365 technology adoption and usage.

View all post by Spenser Bullock

Subscribe to our blog