Defending against ransomware with Windows 10 Anniversary Update

    Posted: 11 Nov 2016

    Ransomware is one of the latest malware threats that is attracting an increasing number of cyber-criminals who are looking to profit from it. In fact, in the last 12 months, the number of ransomware variants has more than doubled. Its premise is deceptively simple: infect users’ devices, and then deny them access to their devices or files unless they pay a ransom. However, the methods and means attackers are using to perpetrate ransomware attacks are increasingly varied, complex and costly.

    Microsoft is committed to helping protect people against threats to their safety and security through our strategy of Prevent, Detect and Respond. Using this approach, Windows 10 Anniversary Update is more ransomware-resilient than ever before.

    Here are some of the many ways we’re fighting back against ransomware:

    • Six of the top 10 ransomware threats use browser or browser-plug-in exploits, so we made it harder for malware authors to exploit Windows 10 and Microsoft Edge.
    • We increased detection and blocking capability in our email services, increasing the number of ransomware-related attachments being blocked.
    • We added new technology to Windows Defender to reduce detection time to seconds, increasing our ability to respond before the infection can occur.
    • We released Windows Defender Advanced Threat Protection which can be combined with Office 365 Advanced Threat Protection to make it easier for companies to investigate and respond to ransomware attacks.

    Combined with other significant security advances, such as Credential Guard, Windows Hello and others, we’ve made Windows 10 Anniversary Update the most secure Windows ever. Here are a few examples of how we achieved this:

    Prevention:

    Browser hardening. Adobe Flash Player is a common browser plug-in that has been used by exploit writers to download ransomware, so we updated Microsoft Edge to run Flash Player in an isolated container. We have also locked down Microsoft Edge so that an exploit running in the browser cannot execute another program. These improvements block malware from silently downloading and executing additional payloads on customers’ systems.

    Email protection. A major distribution channel for ransomware is via email file attachments. To help protect customers who use Microsoft email services against such threats, we have made investments in our email services that help block ransomware. We advanced our machine learning models and heuristics to catch malware distributed in email, and developed a faster signature delivery channel to update Windows Defender running in our email services more quickly. The result is improved protection levels for our consumer and commercial productivity suite customers.

    Machine learning. Enhancements to our cloud infrastructure let our antimalware researchers extend machine learning models in a way that we can identify and block malware more quickly. Before the Anniversary Update, the process of collecting a suspicious program for analysis, classifying it and responding with protection generally took hours. Now it takes minutes.

    Detection:

    New and improved Windows Defender. Windows Defender, which is enabled by default, can respond to new threats faster using improved cloud protection and automatic sample submission features to block malware “at first sight”. We’ve also improved Windows Defender’s behavioral heuristics to help determine if a file is performing ransomware-related activities, and then detect and take action more quickly.

    Response:

    Post-breach defense. In Windows 10 Anniversary Update, we launched Windows Defender Advanced Threat Protection (ATP) service which adds the ability for companies to detect and respond to attacks that have made it through other defensive layers. Combining security events collected from the machines with cloud analytics to detect signs of attacks, Windows Defender ATP surfaces alerts to the enterprise security team. Should ransomware affect corporate endpoints, the Windows Defender ATP console can provide important details that can help security responders quickly understand how the ransomware entered the device, identify the damage it has created, and locate where it might be moving next in the network. When combined with Office 365 Advanced Threat Protection, these services share signals to provide a more holistic view of what is attacking the enterprise.

    Protecting against Ransomware

    We have made significant improvements in protecting customers from ransomware in the Windows 10 Anniversary Update. To help protect against ransomware and other types of cyber threats, we suggest you:


    The Block at First Sight cloud protection feature in Windows Defender is enabled by default. For IT Pros, if it was turned off we recommend turning it back on, and we also recommend incorporating another layer of defense through Windows Defender ATP and Office 365 ATP. For more information about each of these technologies and techniques and how they work, please download our white paper Ransomware Protection in Windows 10 Anniversary Update.

    Cyber threats won’t stop, and neither will we. As long as ransomware remains a threat, we will continue to enhance our defenses to better protect your Windows 10 devices.

    Source: Defending against ransomware with Windows 10 Anniversary Update | Windows For Your Business
    Posted By: Brink
    11 Nov 2016


  1. Posts : 15,037
    Windows 10 IoT
       #1

    I get on average one "Hello I am from Windows" call a month. I usually just ask them what it's like not to have a conscience? Or, does it bother you being one of the lowest forms of life on the planet?


  2. Posts : 3,105
    W10 Pro + W10 Preview
       #2

    alphanumeric said:
    I get on average one "Hello I am from Windows" call a month. I usually just ask them what it's like not to have a conscience? Or, does it bother you being one of the lowest forms of life on the planet?
    Next time they call reply....this call has been intercepted, please state your business.
    That should give them food for thought.


  3. Posts : 15,037
    Windows 10 IoT
       #3

    dencal said:
    Next time they call reply....this call has been intercepted, please state your business.
    That should give them food for thought.
    My mentioning I am a Microsoft MVP usually results in a click, followed by dial tone.

    Other fun stuff is to say "this call is being recorded" or "I don't own a computer"; that throws them for a loop too. Sometimes I just like to string them along as long as possible just to piss them off and waste their time.


  4. Posts : 5,452
    Windows 11 Home
       #4

    I have not seen ransomware that would be able to run with the useless WSH disabled. All it takes is this:

    reg add "HKLM\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f

    Articles say that malware runs by itself; no, it does not, scripting does. It is hard to find in-depth info, but when you do, it is obvious, as with Locky. If you get rid of PS, you are 99% safe. Neither Windows updates nor the Store need WSH or PS.


  5. Posts : 14,007
    Win10 Pro and Home, Win11 Pro and Home, Win7, Linux Mint
       #5

    I got 4 such calls yesterday, and the caller couldn't get it into his head that my computer was out of service because the hard drive had crashed. He finally quit calling in the afternoon, but I got another call in the evening with a female on the phone. It was somewhat funny, as the hard drive failure is the first I've had in that computer since building it 6 years ago and running Win7 followed by Win10.


  6. Posts : 15,037
    Windows 10 IoT
       #6

    I've had to recover two PCs for friends that fell for those calls and had their PCs locked out on them. It wasn't really a recovery though. I just wiped them clean and did clean installs to be sure there was nothing left behind. I slaved the hard drive in my spare PC, which was isolated from the Internet, to recover their personal files like pictures, etc. Then I also wiped it clean and reinstalled Windows on it. The drives weren't encrypted; they were just blocked from logging in to their PC.


  7. Posts : 31,630
    10 Home x64 (22H2) (10 Pro on 2nd pc)
       #7

    The Block at First Sight cloud protection feature in Windows Defender is enabled by default. For IT Pros, if it was turned off we recommend turning it back on, and we also recommend incorporating another layer of defense through Windows Defender ATP and Office 365 ATP. For more information about each of these technologies and techniques and how they work, please download our white paper Ransomware Protection in Windows 10 Anniversary Update.
    Windows Defender Advanced Threat Protection (ATP) only appears to be of any help in company networks. Its purpose seems to be to alert the IT admins that one of the PCs on the network has succumbed to (or is being attacked by) malware. Not much help for Home users there.

    Block at First Sight would appear to be of more use, but there's no actual setting to turn it on (or off). As the link above explains, you turn it on by satisfying certain prerequisites - a sort of one-step-removed 'settings'.
    You can confirm that Block at First Sight is enabled in Windows Settings. The feature is automatically enabled, as long as Cloud-based protection and Automatic sample submission are both turned on.
    Still, at least it seems that this is one thing that can be turned on for Home and Pro systems alike.
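    As an added example (not part of this thread, and not Microsoft's own code), a read-only PowerShell check that reports the Windows Script Host setting from post #4 and whether the two Block at First Sight prerequisites named in post #7 are met on the local machine. It assumes the Defender PowerShell module shipped with Windows 10 and the documented meanings of the Get-MpPreference properties MAPSReporting, SubmitSamplesConsent and DisableBlockAtFirstSeen.

```powershell
# Added example: audits the settings discussed in posts #4 and #7.
# Read-only; run in an elevated Windows PowerShell session on Windows 10.

function Get-WshState {
    # Post #4's hardening writes Enabled = 0 under this key. A missing value
    # means Windows Script Host is enabled, which is the default.
    $key = 'HKLM:\Software\Microsoft\Windows Script Host\Settings'
    $val = (Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue).Enabled
    if ($null -eq $val) { return 'Enabled (default, value not set)' }
    if ($val -eq 0)     { return 'Disabled' }
    return "Enabled (value = $val)"
}

function Get-BlockAtFirstSightState {
    # Block at First Sight has no switch of its own (post #7): it is active
    # when cloud-delivered protection and automatic sample submission are on
    # and the feature has not been explicitly disabled by policy or cmdlet.
    $p = Get-MpPreference
    $cloudOn   = $p.MAPSReporting -ne 0            # 0 = Disabled, 1 = Basic, 2 = Advanced
    $samplesOn = $p.SubmitSamplesConsent -in 1, 3  # 1 = safe samples, 3 = all samples
    $disabled  = [bool]$p.DisableBlockAtFirstSeen  # $true only if someone turned it off
    [pscustomobject]@{
        CloudProtection         = $cloudOn
        AutomaticSampleSubmit   = $samplesOn
        ExplicitlyDisabled      = $disabled
        BlockAtFirstSightActive = $cloudOn -and $samplesOn -and (-not $disabled)
    }
}

"Windows Script Host: $(Get-WshState)"
Get-BlockAtFirstSightState | Format-List
```

    If BlockAtFirstSightActive comes back $false, the prerequisites can be restored with Set-MpPreference -MAPSReporting Advanced -SubmitSamplesConsent SendSafeSamples -DisableBlockAtFirstSeen $false, unless a Group Policy setting overrides them.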


  8. Posts : 261
    Win 10 Home Single Language, Ver 1809, Build 17763.379
       #8

    So I am a bit confused...

    Can we assume that ATP is built in to Windows Defender if one is on Win 10 Pro Anniversary version?


  9. Posts : 27,181
    Win11 Pro, Win10 Pro N, Win10 Home, Windows 8.1 Pro, Ubuntu
       #9

    Geoff Daniell said:
    So I am a bit confused...

    Can we assume that ATP is built in to Windows Defender if one is on Win 10 Pro Anniversary version?
    Nope, it's for Enterprise customers:
    Windows Defender Advanced Threat Protection (Windows Defender ATP) is a security service that enables enterprise customers to detect, investigate, and respond to advanced threats on their networks.
    Windows Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service:
    Endpoint behavioral sensors: Embedded in Windows 10, these sensors collect and process behavioral signals from the operating system (for example, process, registry, file, and network communications) and send this telemetry to your private, isolated, cloud instance of Windows Defender ATP.
    Cloud security analytics: Leveraging big-data, machine-learning, and unique Microsoft optics across the Windows ecosystem (such as the Microsoft Malicious Software Removal Tool), enterprise cloud products (such as Office 365), and online assets (such as Bing and SmartScreen URL reputation), behavioral signals are translated into insights, detections, and recommended responses to advanced threats.
    Threat intelligence: Generated by Microsoft hunters, security teams, and augmented by threat intelligence provided by partners, threat intelligence enables Windows Defender ATP to identify attacker tools, techniques, and procedures, and generate alerts when these are observed in collected telemetry.
    Windows Defender Advanced Threat Protection - Windows Defender

