Sea Change in the MPN: Advanced Specializations Outnumber Competencies

The structure of the Microsoft Partner Network reached a significant milestone this week when the number of advanced specializations surpassed the number of competencies for the first time. It's a change worth paying attention to because it shows where Microsoft's priorities lie.

Competencies have been the major way for partners to demonstrate their expertise since Microsoft last restructured its program as the Microsoft Partner Network (MPN) more than a decade ago. Competencies come in Silver and Gold levels. Their number has ranged from about 30 at the peak to about 18 now.

Advanced specializations have developed over the last couple of years. Earned atop a Gold competency, advanced specializations have higher costs, require more training and employee certification and can have other requirements such as a third-party audit. As recently as last fall, there were only 11 advanced specializations.

On Wednesday, Microsoft unveiled a new batch of five advanced specializations, bringing the total number of specializations up to 23. That vaults the number of advanced specializations well ahead of the number of competencies.

Rodney Clark, Microsoft's new worldwide channel chief, put competencies in context against advanced specialization in an interview this week.

"We still recognize and value the competencies, but we also have to ensure that we're investing in the channel so that they are staying one step ahead of our customers. And to do that, we have to get deeper in terms of where and how we ask our ecosystem to specialize," Clark said.

One of the challenges that Microsoft is addressing, Clark said, is that many customers now have substantial technical expertise inside their organizations. Those customers are looking to channel partners for help on very specific issues and opportunities, he said.

So, for example, competencies around cloud include broad areas like Cloud Platform or Data Analytics. Within advanced specializations, badges include areas like SAP on Microsoft Azure, Windows Server and SQL Server Migration to Microsoft Azure or Linux and Open Source Databases Migration to Microsoft Azure.

"We still recognize and value the competencies, but we also have to ensure that we're investing in the channel so that they are staying one step ahead of our customers."

Rodney Clark, Worldwide Channel Chief, Microsoft

In short, the advanced specialization process is designed to result in a partner offering best-in-class, repeatable services, Clark said.

"We are going to continue to invest in specialization because that is now the currency," Clark said. The new advanced specializations launched this week are Microsoft Azure VMware Solution, AI and Machine Learning Microsoft Azure, Cloud Security, Hybrid Operations Management with Microsoft Azure Arc, and Hybrid Cloud Infrastructure with Microsoft Azure Stack HCI.

To be clear, while the number of distinct advanced specializations is now higher than the number of distinct competencies, the number of partners with competencies is orders of magnitude higher than the number with advanced specializations. About 400,000 partners have competencies, Clark said. Somewhere in the low 1,000s have earned advanced specializations.

Part of that is that the advanced specializations are newer. Another part is they're intentionally exclusive and harder to achieve.

Dan Truax, the general manager of partner digital experiences and programs at Microsoft, has been steadily rolling out the new advanced specializations in blog posts over the last year. In the blog announcing the new specializations this week, he pitched the value.

"For services partners, achieving an advanced specialization is a powerful way to validate, differentiate and showcase your organization's technical capabilities and experience," Truax wrote. "It can be a valuable way to highlight your capabilities, differentiate your organization and stand out with customers. With an advanced specialization, your organization can gain greater visibility in customer searches and the Microsoft partner directory, which can help your organization scale both now and in the long run. And with an Azure advanced specialization, you can also gain access to additional programs to help further expand your customer connections."

Truax's post acknowledged the investment of time and resources, and Clark said that one of the top challenges his team is currently focused on is helping partners visualize and plan for the road to profitability from investing in an advanced specialization to making money from one.

"A partner investing in specialization may recognize a return six months to nine months after they've invested in it. So they're saying, 'Hey, we know that profitability is there, but help us bridge this six to nine months,'" Clark said.

Posted by Scott Bekker on June 17, 2021 at 11:23 AM0 comments


Nadella Adds 'Chairman' to CEO Title at Microsoft

The Microsoft board looked at Satya Nadella's work for the last seven years as CEO and decided to add "chairman" to his title.

"In this role, Nadella will lead the work to set the agenda for the board, leveraging his deep understanding of the business to elevate the right strategic opportunities and identify key risks and mitigation approaches for the board's review," the company said in a statement Wednesday evening. Nadella was elected unanimously to the role by the Microsoft board's independent directors.

Nadella replaces John W. Thompson as chair. At the same time, Thompson was also unanimously elected as lead independent director. Thompson, the former chairman and CEO of Symantec, previously held that lead independent director role for Microsoft from 2012 to 2014.

"As lead independent director, Thompson will retain significant authority including providing input on behalf of the independent directors on board agendas, calling meetings of the independent directors, setting agendas for executive sessions, and leading performance evaluations of the CEO," the statement said.

Nadella becomes the first person to hold both titles since 2000, when co-founder Bill Gates passed the CEO role to Steve Ballmer. Gates stepped down as chairman in February 2014 when Nadella became CEO. Gates left Microsoft's board entirely in March 2020.

Last year, Gates and Microsoft said he was leaving to focus on his philanthropic efforts. Last month, it emerged that Gates' departure followed Microsoft having opened an internal investigation into reports that Gates had pursued a sexual relationship with an employee in 2000.

Nadella's new dual title reflects the confidence Microsoft's board has in Nadella's leadership. Although Nadella was widely respected in Silicon Valley in 2014, Microsoft engaged in a major PR campaign to assure investors that Gates would be working closely on a near day-to-day basis with Nadella.

Over time, discussions of Gates' involvement faded as Microsoft's reputation, cloud market share and stock price rapidly increased under Nadella's oversight. In recent years, Microsoft briefly reclaimed the title of most valuable company by market capitalization; it is currently No. 2 behind Apple.

The Microsoft board, in addition to Nadella and Thompson, consists of Reid Hoffman, Hugh Johnston, Teri List, Sandra E. Peterson, Penny Pritzker, Charles W. Scharf, John W. Stanton, Emma Walmsley and Padmasree Warrior.

Posted by Scott Bekker on June 17, 2021 at 8:34 AM0 comments


Microsoft Officially Shelves Windows 10X, Starts Windows 10 21H1 Rollout

Microsoft on Tuesday announced the general availability of Windows 10 21H1, as well as confirmed earlier reports of Windows 10X's demise.

Windows 10 21H1, also called the May 2021 Update, is currently available to "select devices running Windows 10," wrote John Cable, vice president of program management for Windows Servicing and Delivery, in a blog post. Cable detailed how the update can be accessed on his post, adding that broader availability will happen in phases.

"[W]e are initially taking a measured seeker-based approach to the rollout of the May 2021 Update," he said. "We are throttling availability up over the coming weeks to ensure a reliable download experience for all, so the update may not be offered to you right away."

As for Windows 10X, Microsoft doesn't plan to deliver that at all.

"Instead of bringing a product called Windows 10X to market in 2021 like we originally intended, we are leveraging learnings from our journey thus far and accelerating the integration of key foundational 10X technology into other parts of Windows and products at the company," wrote John Cable, vice president of program management for Windows Servicing and Delivery, in the blog post.

Windows 10X was part of a big announcement in October 2019 that involved unveiling Surface Duo, a foldable device running Google's Android operating system, and Surface Neo, with Windows 10X designed to power that dual-screen device. Microsoft shipped Surface Duo last fall, but delayed Surface Neo and later said Windows 10X was being repurposed to focus on single-screen devices.

Then, earlier this month, reports surfaced that Windows 10X was delayed, future uncertain.

Cable's blog post, which was billed as being about the availability of Windows 10 version 21H1, makes it official that Windows 10X is no more.

"Following a year-long exploration and engaging in conversations with customers, we realized that the technology of Windows 10X could be useful in more ways and serve more customers than we originally imagined. We concluded that the 10X technology shouldn't just be confined to a subset of customers," Cable said.

According to Cable, elements of Windows 10X are now present in Windows Insider preview builds. Those include new app container technology that is integrated into Microsoft Defender Application Guard and an enhanced Voice Typing experience. Another 10X legacy within Windows Insider preview builds involves a modernized touch keyboard with optimized key sizing, sounds, colors and animations, he said.

Posted by Scott Bekker on May 18, 2021 at 5:00 PM0 comments


Nadella: Microsoft Teams Users Nearly Doubled Since Start of Pandemic

Lest the impression set in that Microsoft Teams usage growth plateaued early in the pandemic, CEO Satya Nadella uncorked a massive new number this week as part of Microsoft's third quarter earnings release.

"Teams now has over 145 million daily active users, almost double the number a year ago," Nadella said during the earnings call Tuesday.

The real-time collaboration platform with video meeting capabilities vaulted from about 20 million daily active users in November 2019 to 75 million DAU by mid-March of 2020. Since then, Microsoft has been relatively quiet about Teams usage metrics. That changed this week, with Nadella providing more context for the continuing expansion of the Teams user base.

"The number of organizations with more than 1,000 users integrating their third-party and LOB apps with Teams has increased nearly 3X year over year," he said. "We are accelerating our innovation, adding over 300 features over the past year, including more than 100 new capabilities so far in 2021. ... Teams is extending beyond communications, creating an entirely new category of modern collaborative applications, as organizations use Power Platform to build custom apps, bots and workflows within Teams."

As vaccination counts increase worldwide, a big question for platforms that replace office interactions and travel-based meetings is whether the pandemic-related usage will last.

Nadella wants investors to believe that the momentum will continue. "In markets where employees have returned to the workplace, including Australia, China, New Zealand, South Korea and Taiwan, we have seen usage continue to grow," he said.

The remarks came as Microsoft announced third quarter earnings of $1.95 per share on revenues of $41.71 billion. Both exceeded analyst expectations, although the stock fell in after-hours trading.

The Teams milestone also came on a day with one of the higher-profile global outages for the service. The Microsoft 365 Status (@MSFT365Status) account on Twitter reported an outage initially impacting Europe and Asia around 6:30 a.m. ET on Tuesday and confirmed about 20 minutes later that it was a global issue for Teams. According to the account, the Teams environment appeared to be fully restored a few hours later at 9:03 a.m.

In other milestone metrics on Tuesday, Nadella noted that Office 365 now has nearly 300 million paid seats, Windows 10 has more than 1.3 billion monthly active devices and Azure Active Directory (Azure AD) has a paid customer base of over 300,000, more than double the total for last year.

Posted by Scott Bekker on April 28, 2021 at 9:11 AM0 comments


Nuance Acquisition Marks a Major Move by Microsoft in Health Care

With its second-biggest acquisition to date, Microsoft is massively increasing its bet on becoming a prime mover in health care tech.

Microsoft on Monday announced the planned acquisition of Nuance Communications for $19.7 billion. Boards of both companies unanimously approved the deal, which is expected to close this calendar year. Only Microsoft's $26.2 billion payment for LinkedIn in 2016 was larger in dollar terms.

Burlington, Mass.-based Nuance historically has a broad portfolio of artificial intelligence (AI) technology, including optical character recognition (OCR), and had a role in the speech recognition technology used by Apple for Siri. Recently, through divisional sales and repositioning, the company has been refining its focus to health care and enterprise AI. The company's core technology is primarily focused on speech recognition and transcription.

Microsoft's messaging about the deal heavily emphasizes the health care opportunity.

"Nuance provides the AI layer at the healthcare point of delivery and is a pioneer in the real-world application of enterprise AI," said Microsoft CEO Satya Nadella in a statement. "AI is technology's most important priority, and healthcare is its most urgent application. Together, with our partner ecosystem, we will put advanced AI solutions into the hands of professionals everywhere to drive better decision-making and create more meaningful connections, as we accelerate growth of Microsoft Cloud for Healthcare and Nuance."

[Click on image for larger view.] Mark Benjamin will remain as Nuance CEO, reporting to Scott Guthrie at Microsoft. (Source: Nuance Communications)

According to Microsoft, the deal doubles Microsoft's total addressable market in the health care provider space, where Microsoft is competing for attention and dollars with Amazon Web Services (AWS) and Google.

For health care providers, Nuance offers conversational AI and cloud-based ambient clinical intelligence. Products include the Dragon Ambient eXperience, Dragon Medical One and PowerScribe One for radiology reporting. All three of the clinical speech-recognition platforms run as SaaS offerings atop Microsoft Azure.

For Microsoft, the health care-specific AI reinforces the company's Microsoft Cloud for Healthcare and other moves in the sector. Microsoft also plans to leverage Nuance's experts and technologies in interactive voice response (IVR), virtual assistants and biometric solutions.

In addition to the Azure foundation for Nuance's SaaS products, the companies are already technologically intertwined. They announced a major partnership in 2019 for joint work on the Nuance Dragon Medical platform and on Microsoft's Project EmpowerMD Intelligent Scribe Service, as well as underlying Azure technologies.

Mark Benjamin, who will remain CEO of Nuance reporting to Scott Guthrie, the executive vice president of Cloud & AI at Microsoft, said the deal is important for the continued growth of Nuance's business.

"To seize this opportunity, we need the right platform to bring focus and global scale to our customers and partners to enable more personal, affordable and effective connections to people and care. The path forward is clearly with Microsoft -- who brings intelligent cloud-based services at scale and who shares our passion for the ways technology can make a difference. At the same time, this combination offers a critical opportunity to deliver meaningful and certain value to our shareholders who have driven and supported us on this journey," Benjamin said.

The all-cash transaction represented a 23 percent premium to Nuance's closing price on Friday, April 9.

Posted by Scott Bekker on April 12, 2021 at 1:29 PM0 comments


Microsoft UK Gets New Channel Chief

Microsoft has hired Accenture's Salesforce business lead for the United Kingdom and Ireland as its new U.K. channel chief.

Orla McGrath will run the Microsoft Partner organization as the One Commercial Partner lead for Microsoft UK.

McGrath comes to Microsoft after a 26-year career with Accenture, according to her LinkedIn profile. Other roles at Accenture included being managing director at the U.K. and Ireland level for cloud-first applications and for emerging technology around SaaS and Salesforce. She had also been involved in management and consulting roles involving SAP, CRM and ERP.

Orla McGrath (source: Microsoft)

"I am excited to help shape Microsoft's partner ecosystem for the benefit of our customers and society more broadly. I couldn't think of a more exciting and challenging opportunity," McGrath said in a statement Monday.

McGrath replaces Joe Macri, who retired last year after a 24-year career at Microsoft.

Also joining the U.K. subsidiary is Soraya Scott, previously chief of staff for Jean-Philippe Courtois, who runs Microsoft International. Scott will be chief operating officer of Microsoft UK.

Microsoft UK CEO Clare Barclay said, "We are at an important inflection point in the U.K. market, so I am excited about the depth of global experience and leadership capability both Orla and Soraya bring, and they will both play a critical role in driving the future success in the U.K. with our customers and partners."

Posted by Scott Bekker on March 30, 2021 at 12:25 PM0 comments


Rodney Clark Named New Microsoft Global Channel Chief

Microsoft is shaking up its worldwide partner organization this week, with new leadership at the top, a new name for the global team and the centralization of the previously independent partner programs for IoT and mixed reality devices under the main channel sales umbrella.

Rodney Clark, a longtime Microsoft executive with significant channel experience, will become corporate vice president of Global Channel Sales effective Thursday, April 1. The title makes Clark the worldwide channel chief at Microsoft, replacing Gavriella Schuster.

Global Channel Sales (GCS) will be the new name for what was previously called the Worldwide One Commercial Partner (OCP) team. However, field operations will retain the OCP name.

Rodney Clark (source: Entegris)

Schuster came to a top leadership role in Microsoft's then-Worldwide Partner Group (WPG) in 2014, when then-channel chief Phil Sorgen named her to a newly created No. 2 position in the WPG. Schuster took over as worldwide channel chief in 2016 when Sorgen moved to a role in the U.S. subsidiary.

In an internal e-mail announcing the changes, Nick Parker, corporate vice president of Global Partner Solutions (GPS), wrote that he and Schuster determined that "after nearly 7 years of leading our partner ecosystem, now would be a good time for her to shift gears and explore opportunities to focus on her passion for business development and furthering the cause of diversity and inclusion."

Schuster has played a major role in efforts to encourage and support women in technology careers. She is a founding sponsor of the Women in Technology (WIT) Network and of Women in Cloud. She also delivered an influential speech, "Become an Ally: How To Achieve Gender Equity," at the TEDxCherryCreekWomen event in Colorado last November.

Parker said Schuster will help with the transition as she determines her next steps.

Clark's most recent position at Microsoft is CVP for IoT and Mixed Reality Sales at Microsoft, a role he's held since 2017. He's been involved with IoT efforts at Microsoft since 2014, and he also managed Microsoft's Samsung Alliance from 2011 to 2013, according to his LinkedIn profile.

Other roles at Microsoft included general manager of SMB-related global operations, a partner-heavy role, and general manager for Worldwide Public Sector.

One of Clark's highest-profile partner positions was in the 2006-2009 timeframe when he ran seminar sales and event marketing. Those efforts included a fleet of seven 42-foot-long "mobile events" trucks in the Microsoft Across America Tour. On Twitter, as @rodneyc55, Clark identifies himself as an "avid cyclist, music nut, hockey coach, community advocate."

Recently, Clark has also been named to the boards of directors for two prominent partner companies. Semiconductor material supplier Entegris appointed Clark to its board in February of this year, and West Monroe Partners, a systems integrator on the RCP 350, named Clark to its board in November 2020.

Under the slightly re-architected role, Clark will have responsibility for the services partner business, OCP field strategy, cross-partner strategy and the Microsoft Partner Network (MPN).

Clark's direct reports include Harish Iyer, partner development manager solutions execution; Laura Polly, inside channel management and channel execution; Lakecia Gunter, IoT partner ecosystem engagement; Mark Rice, licensing solution providers; Maziar Zolghadr, telco service partners; Nikki Meyer, indirect providers; Tatiana Ospina, managed services partners; Alyssa Fitzpatrick, partner co-sell; Camille Mazo, field strategy and operations; Dan Truax, partner programs and unmanaged partner sales; Fadi Barghouthy, technical partner community; and Jim Pinter, business management.

Also going to GCS with Clark from his previous team are Rebekah Midkiff, executive business administration, and Erin Price, business management.

Gunter's IoT team is new to the GCS/OCP. Another partner team, the mixed reality team, led by Mark Day, will move to another part of GPS -- device partner sales run by Nicole Dezen.

Posted by Scott Bekker on March 30, 2021 at 12:20 PM0 comments


Enterprise Cloud Spending Vaults Past Datacenter Spend in 2020

It took 10 years of steady growth for enterprises to spend the same amount on cloud services as they did on their on-premises datacenter hardware and software.

But it happened in 2019. And then in 2020, cloud service spending left datacenter-related spending in the dust.

That's according to new data this month from Synergy Research Group.

The Reno, Nev.-based research firm found cloud infrastructure services spending grew 35 percent in 2020 to almost $130 billion. By comparison, enterprise spending on datacenter hardware and software, largely stagnant for a decade, fell 6 percent to $89 billion.

[Click on image for larger view.]

"Over the last ten years we have seen a dramatic increase in computer capabilities, increasingly sophisticated enterprise applications and an explosion in the amount of data being generated and processed, resulting in an ever-growing need for data center capacity. However, 60% of the servers now being sold are going into cloud providers' data centers and not those of enterprises," said John Dinsdale, chief analyst at Synergy, in a statement.

In 2019, spending on the two categories was relatively even in the mid-$90-billion range, with cloud service spending slightly ahead.

According to Synergy's data, average annual spending growth over the last decade was 2 percent for datacenters and 52 percent for cloud services, which included IaaS, PaaS and hosted private cloud.

Within cloud over the decade, Dinsdale said the segments with the highest growth rates were PaaS categories, especially database, IoT and analytics.

Posted by Scott Bekker on March 26, 2021 at 7:50 AM0 comments


IDC: Data Creation Hit 64ZB in 2020

I'll admit it, I'm a sucker for data milestones.

They're simultaneously amazing and entirely expected.

After all, we're all doing more digitally, seemingly every day, with more and more of our output occurring with images and video. Over this last year, a lot of these remote work meetings happen on video. We're recording a lot of the meetings rather than picking up a pen since the fidelity of a recorded conversation is always better than what you happen to scribble down while the conversation is continuing in your ears.

Then there's the duplicate file in a separate service to create a transcript -- you get the idea. We're all living it.

On to the jaw-dropping new figures. Researchers at IDC this week posted a huge new number for global data creation: 64.2ZB in 2020. That's zettabytes. If you're keeping track, it goes kilobyte (KB), megabyte (MB), gigabyte (GB), terabyte (TB), petabyte (PB), exabyte (EB) and zettabyte (ZB).

"In 2020, 64.2ZB of data was created or replicated, defying the systemic downward pressure asserted by the COVID-19 pandemic on many industries and its impact will be felt for several years," said Dave Reinsel, senior vice president, IDC's Global DataSphere, in a statement Wednesday. "The amount of digital data created over the next five years will be greater than twice the amount of data created since the advent of digital storage."

It's not just virtual meetings, social media, video streaming, wireless and mobile traffic and ever-fatter broadband pipes driving the increase, which IDC anticipates will grow at a compound annual growth rate of 23 percent a year through 2025. It's also IoT data, which is the fastest growing data segment, data at the edge and enterprise data generally.

Other than the headline storage number, what's also interesting in IDC's recent analysis is how ephemeral most of that data is. The overall installed base of storage capacity grew steadily to 6.7ZB in 2020. You'll notice that's about 10 percent of the capacity of all the data that was created.

In all, less than 2 percent of the new data was saved and retained into 2021. Most of it was temporarily created or replicated for consumption and then deleted or overwritten with newer data. Think downloading a Netflix movie to your phone, watching it and then having it removed when you're finished.

The combination of those numbers prompts Reinsel to ask, "How much of it should be stored?"

In IDC's view, we should think about retaining a lot more data, at least on the business side.

"Organizations should consider preparing now to store more data as they seek to achieve digital transformation milestones and improve business metrics by accelerating innovative data analytics initiatives," said John Rydning, research vice president of IDC's Global DataSphere.

Whether or not organizations need to store more data, or just need to more effectively use what they already retain, one thing is sure. We're awash in data, and it's still flooding in.

Posted by Scott Bekker on March 25, 2021 at 1:01 PM0 comments


Veeam Puts Hourly Downtime Cost at $85K

There's a new hourly metric for the cost of downtime -- $84,650.

That hyper-specific average comes from the new "Veeam Data Protection Report 2021" released Thursday. The report is based on a survey of 3,000 IT decision makers around the world.

Veeam's survey also found that the average downtime for an outage was 79 minutes.

The numbers are both better and worse than similar figures Veeam provided last year in its "Veeam 2020 Data Protection Trends Report." That survey of about 1,550 IT pros put the cost of downtime for high-priority applications at $67,651 per hour and found the average outage lasted for a more excruciating 117 minutes.

Veeam provides cloud data management solutions, of which backup and recovery components make up the core value proposition.

The 2021 report also digs a little deeper into IT professionals' perceptions of other negative impacts of downtime.

"The impact cannot be measured solely in costs per hour. There are many other potential downsides to outages," the 32-page report states.

In descending order of response percentage, those other impacts included loss of customer confidence, damage to brand integrity, loss of employee confidence, diversion of resources from long-term or business-critical projects, reduced stock price, subject to legal action and revocation of licenses or accreditations.

Major themes of the 2021 report included changing rates of digital transformation spending, with some sectors accelerating projects while others halted them; significant backup and recovery failure rates; and a significant shift toward cloud-based backup.

The full report is available here (registration required).

Posted by Scott Bekker on March 18, 2021 at 12:53 PM0 comments


Sherweb Adds MDR Solution to Microsoft Partner Offerings

Sherweb is taking another step to support smaller managed service providers whose customers' security expectations sometimes outstrip their MSPs' in-house capabilities.

The Sherbrooke, Quebec-based cloud solution provider (CSP) this week rolled out Office Protect Alliance, a managed detection and response (MDR) solution. The new service gives Sherweb's partners access to a security operations center staffed by security analysts who monitor the partners' clients' activity.

"We do the tedious work of analyzing every situation, eliminating false positives, and researching the required information affordably," said Guillaume Boisvert, director of product innovation at Sherweb, in a statement. "That way, partners can do the hero work of intervention for their clients, fully briefed and ready to go."

The service builds on the philosophy behind Sherweb's first security product -- Office Protect. The Office Protect tool was designed to help partners quickly and easily configure their clients' Office 365 environments to greatly improve the baseline security without needing extensive security expertise.

According to Sherweb, Office Protect Alliance is the first in a planned series of cybersecurity services to support Microsoft cloud-based applications.

Sherweb is one of a few dozen indirect providers in Microsoft's CSP program. In the program, indirect providers, like Sherweb, obtain Microsoft cloud subscriptions from Microsoft and bundle them with other services and support for distribution to a large network of smaller CSP/MSP partners who work directly with their own customers.

Posted by Scott Bekker on March 17, 2021 at 9:13 AM0 comments


Now There's Ransomware for Those Exchange Vulnerabilities

A little more than a week after being revealed in on-premises Exchange Servers, some of the zero-day vulnerabilities are appearing in ransomware, adding further urgency to the associated patches.

Microsoft disclosed the existence on March 2 of four zero-day vulnerabilities in certain versions of Exchange that enabled access to e-mail accounts and allowed attackers to install leave-behind malware. The announcement included patches for the vulnerabilities in Exchange Server 2019 and Exchange Server 2016.

The Microsoft Threat Intelligence Center (MSTIC) attributed the campaign to a state-sponsored group it calls Hafnium that operates out of China and primarily targets entities in the United States. The initial focus was on pre-patch/pre-discovery attacks, as well as an acceleration in post-patch activity as attackers raced to beat the patches.

Now Microsoft has confirmed that ransomware organizations have gotten in on the action.

"We have detected and are now blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers. Microsoft protects against this threat known as Ransom:Win32/DoejoCrypt.A, and also as DearCry," the Microsoft Security Intelligence tweeted.

The @MsftSecIntel account also noted that Microsoft Defender customers with automatic updates turned on don't need to take additional action to protect against the DearCry ransomware. That official Microsoft account also reiterated the urgent call to patch vulnerable Exchange Servers and take other related steps.

One ransomware security researcher said the speed with which the vulnerabilities were converted to ransomware was remarkable.

"What this shows is the acceleration of the development of the ransomware actors and their maturity," said Allan Liska with Recorded Future in an interview. "If you go back to ZeroLogin, which was released in August, we didn't see ransomware actors exploiting that until October, which was a two-month gap. Here there was a nine-day gap. It shows how quickly they're growing and maturing in terms of being able to take advantage of exploits."

Posted by Scott Bekker on March 12, 2021 at 12:58 PM0 comments