I often get asked how we manage networks without an RMM tool and I always reply that we take full advantage and make use of what Microsoft has to offer. This type of rule is an example of that philosophy.
If you’re email@example.com, your account has been compromised and is being used by criminals to attack my website. I do hold you responsible because you’ve ignored that message to change your password to something more complex and use two-factor authentication.
There’s been a lively discussion with “breaking news” about the extent of the intrusion into networks and the solution to it over on our Ransomware and Security group. Now that it seems to have reached a stable information point I thought I would summarize that you need to know.