Ransomware is among the malware threats attracting an increasing number of cyber-criminals, so to help people protect against these threats Microsoft made Windows 10 Anniversary Update more ransomware-resilient than ever before, writes Rob Lefferts.
“Combined with other significant security advances, such as Credential Guard, Windows Hello and others, we’ve made Windows 10 Anniversary Update the most secure Windows ever,” Lefferts says.
Microsoft understands this and has published a safety advisory to help people protect against ransomware and other cyber threats emerging today. He said “users must update to Anniversary Update and apply default security settings within Windows 10,” and also advised “to keep machines with the latest updates.”
In Windows Defender, he suggests keeping the cloud protection feature called “Block at First Sight” enabled, and also recommends adding another layer of defense through Windows Defender ATP and Office 365 ATP. He also advises deploying a comprehensive backup and restore strategy.
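As an added illustration (not Microsoft's code and not part of the original article), the PowerShell below checks the Windows Defender preferences that Block at First Sight depends on: cloud-delivered protection, automatic sample submission, real-time protection and scanning of downloads. It reads them with the built-in Get-MpPreference cmdlet; the function name Test-BlockAtFirstSight and the sample object are constructed for this example.

```powershell
# Added example: audit the Defender settings that "Block at First Sight" relies on.
# Test-BlockAtFirstSight is a hypothetical helper name, not a built-in cmdlet.
function Test-BlockAtFirstSight {
    param(
        # Defaults to the live configuration; pass an object to evaluate offline.
        $Preference = (Get-MpPreference)
    )

    # Each rule returns $true when the setting allows Block at First Sight to work.
    $rules = [ordered]@{
        DisableBlockAtFirstSeen   = { param($v) -not $v }      # the feature itself is not switched off
        MAPSReporting             = { param($v) $v -in 1, 2 }  # 1 = Basic, 2 = Advanced, 0 = cloud protection off
        SubmitSamplesConsent      = { param($v) $v -in 1, 3 }  # 1 = send safe samples, 3 = send all samples
        DisableRealtimeMonitoring = { param($v) -not $v }      # real-time protection is on
        DisableIOAVProtection     = { param($v) -not $v }      # downloads and attachments are scanned
    }

    foreach ($name in $rules.Keys) {
        # A property that is absent counts as a failure rather than a silent pass.
        $present = $null -ne $Preference.PSObject.Properties[$name]
        $value   = if ($present) { $Preference.$name } else { $null }
        [pscustomobject]@{
            Setting = $name
            Value   = $value
            Pass    = $present -and [bool](& $rules[$name] $value)
        }
    }
}

# Constructed sample (not taken from a real machine): cloud protection is on,
# but sample submission is set to "never send" (2), which defeats the feature.
$sample = [pscustomobject]@{
    DisableBlockAtFirstSeen   = $false
    MAPSReporting             = 2
    SubmitSamplesConsent      = 2
    DisableRealtimeMonitoring = $false
    DisableIOAVProtection     = $false
}

$results = Test-BlockAtFirstSight -Preference $sample
$results | Format-Table -AutoSize

if ($results.Pass -contains $false) {
    Write-Warning 'Block at First Sight prerequisites are not all met.'
}
```

Calling Test-BlockAtFirstSight with no arguments on a Windows 10 machine evaluates the live Defender configuration instead of the sample.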
So, what is ransomware? For those not aware, “it’s a kind of cyber threat where cyber-criminals looking to make a profit with a deceptively simple premise infect users’ devices, and then deny them access to their devices or files unless they pay a ransom.”
However, the methods and means attackers use to perpetrate ransomware attacks are increasingly varied, complex and costly; in fact, ransomware variants have more than doubled in the past year alone.
To prevent this threat, he said they’re hardening the browser against downloading and executing additional payloads: “Edge now runs Adobe Flash Player in an isolated container, and Edge is locked down from executing another app when an exploit’s running.”
He adds that, to protect email, they deployed an “advanced machine learning and heuristics” approach to catch malware distributed via file attachments, and a faster signature update channel for Windows Defender running in its email services.
“Advanced Threat Protection (ATP) is a Windows Defender service which adds an ability to detect and respond to attacks that made it through other defensive layers.” Windows Defender ATP surfaces alerts to the enterprise security team by combining security events collected from the machines with cloud analytics to detect signs of attacks.
Should ransomware affect corporate endpoints, “the Windows Defender ATP console helps security responders quickly understand how ransomware entered the device, identify the damage created, and locate its presence in the network,” Microsoft explained. When combined with Office 365 ATP, it provides a more holistic view of what is attacking the enterprise.