
  1. Joined : Oct 2013
    Posts : 16,584
    64-bit Windows 10 Pro build 14986
       4 Weeks Ago #1

    Defending against ransomware with Windows 10 Anniversary Update


    Ransomware is one of the latest malware threats that is attracting an increasing number of cyber-criminals who are looking to profit from it. In fact, in the last 12 months, the number of ransomware variants has more than doubled. Its premise is deceptively simple: infect users’ devices, and then deny them access to their devices or files unless they pay a ransom. However, the methods and means attackers are using to perpetrate ransomware attacks are increasingly varied, complex and costly.

    Microsoft is committed to helping protect people against threats to their safety and security through our strategy of Prevent, Detect and Respond. Using this approach, Windows 10 Anniversary Update is more ransomware-resilient than ever before.

    Here are some of the many ways we’re fighting back against ransomware:

    • Six of the top 10 ransomware threats use browser, or browser-plugin-related exploits, so we made it harder for malware authors to exploit Windows 10 and Microsoft Edge.
    • We increased detection and blocking capability in our email services, increasing the number of ransomware-related attachments being blocked.
    • We added new technology to Windows Defender to reduce detection time to seconds, increasing our ability to respond before the infection can occur.
    • We released Windows Defender Advanced Threat Protection which can be combined with Office 365 Advanced Threat Protection to make it easier for companies to investigate and respond to ransomware attacks.

    Combined with other significant security advances, such as Credential Guard, Windows Hello and others, we’ve made Windows 10 Anniversary Update the most secure Windows ever. Here are a few examples of how we achieved this:

    Prevention:

    Browser hardening. Adobe Flash Player is a common browser plug-in that has been used by exploit writers to download ransomware, so we updated Microsoft Edge to run Flash Player in an isolated container. We have also locked down Microsoft Edge so that an exploit running in the browser cannot execute another program. These improvements block malware from silently downloading and executing additional payloads on customers’ systems.

    Email protection. A major distribution channel for ransomware is via email file attachments. To help protect customers who use Microsoft email services against such threats, we have made investments in our email services that help block ransomware. We advanced our machine learning models and heuristics to catch malware distributed in email, and developed a faster signature delivery channel to update Windows Defender running in our email services more quickly. The result is improved protection levels for our consumer and commercial productivity suite customers.

    Machine learning. Enhancements to our cloud infrastructure let our antimalware researchers extend machine learning models in a way that we can identify and block malware more quickly. Before the Anniversary Update, the process of collecting a suspicious program for analysis, classifying it and responding with protection generally took hours. Now it takes minutes.

    Detection:

    New and improved Windows Defender. Windows Defender, which is enabled by default, can respond to new threats faster using improved cloud protection and automatic sample submission features to block malware “at first sight”. We’ve also improved Windows Defender’s behavioral heuristics to help determine if a file is performing ransomware-related activities, and then detect and take action more quickly.

    Response:

    Post-breach defense. In Windows 10 Anniversary Update, we launched Windows Defender Advanced Threat Protection (ATP) service which adds the ability for companies to detect and respond to attacks that have made it through other defensive layers. Combining security events collected from the machines with cloud analytics to detect signs of attacks, Windows Defender ATP surfaces alerts to the enterprise security team. Should ransomware affect corporate endpoints, the Windows Defender ATP console can provide important details that can help security responders quickly understand how the ransomware entered the device, identify the damage it has created, and locate where it might be moving next in the network. When combined with Office 365 Advanced Threat Protection, these services share signals to provide a more holistic view of what is attacking the enterprise.

    Protecting against Ransomware

    We have made significant improvements in protecting customers from ransomware in the Windows 10 Anniversary Update. To help protect against ransomware and other types of cyber threats, we suggest you:


    The Block at First Sight cloud protection feature in Windows Defender is enabled by default. For IT Pros, if it was turned off we recommend turning it back on, and we also recommend incorporating another layer of defense through Windows Defender ATP and Office 365 ATP. For more information about each of these technologies and techniques and how they work, please download our white paper Ransomware Protection in Windows 10 Anniversary Update.

    Cyber threats won’t stop, and neither will we. As long as ransomware remains a threat, we will continue to enhance our defenses to better protect your Windows 10 devices.

    Additional Resources




    Source: Defending against ransomware with Windows 10 Anniversary Update | Windows For Your Business


  2. Joined : Dec 2013
    Sydney, Nova Scotia, Canada
    Posts : 7,978
    Windows 10 IoT
       4 Weeks Ago #2

    I get on average one "Hello I am from Windows" call a month. I usually just ask them what it's like not to have a conscience? Or, does it bother you being one of the lowest forms of life on the planet?


  3. Joined : Oct 2014
    Posts : 1,323
    W10 Pro + W10 Preview
       4 Weeks Ago #3

    alphanumeric said:
    I get on average one "Hello I am from Windows" call a month. I usually just ask them what it's like not to have a conscience? Or, does it bother you being one of the lowest forms of life on the planet?

    Next time they call reply....this call has been intercepted, please state your business.
    That should give them food for thought.


  4. Joined : Dec 2013
    Sydney, Nova Scotia, Canada
    Posts : 7,978
    Windows 10 IoT
       4 Weeks Ago #4

    dencal said:
    Next time they call reply....this call has been intercepted, please state your business.
    That should give them food for thought.

    My mentioning I am a Microsoft MVP usually results in a click, followed by dial tone.

    Other fun stuff is to say this "call is being recorded" or "I don't own a computer", that throws them for a loop too. Sometimes I just like to string them along as long as possible just to piss them off and waste their time.


  5. Joined : Oct 2014
    Trnava
    Posts : 1,627
    Windows 10 Home x64
       4 Weeks Ago #5

    I have not seen ransomware that would be able to run with the useless WSH disabled. All it takes is this:

    reg add "HKLM\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f

    Articles say that malware runs by itself; no, it does not, scripting does. It is hard to find in-depth info, but when you do, it is obvious, like with Locky. If you get rid of PS, you are 99% safe. Neither Win updates nor Store need WSH or PS.


  6. Joined : Aug 2014
    Forever West
    Posts : 2,378
    Win10 Home and Pro, Win7 Home, Linux Mint
       4 Weeks Ago #6

    I got 4 such calls yesterday and the caller couldn't get it in his head that my computer was out of service because the hard drive had crashed, finally quit calling in the afternoon but got another call in the evening with a female on the phone. It was somewhat funny as the hard drive failure is the first I've had in that computer since building it 6 years ago and running Win7 followed by Win10.


  7. Joined : Dec 2013
    Sydney, Nova Scotia, Canada
    Posts : 7,978
    Windows 10 IoT
       4 Weeks Ago #7

    I've had to recover 2 PCs for friends that fell for those calls and had their PCs locked out on them. It wasn't really a recovery though. I just wiped them clean and did clean installs to be sure there was nothing left behind. I slaved the hard drive in my spare PC that was isolated from the Internet to recover their personal files like pictures etc. Then also wiped it clean and reinstalled Windows on it. The drives weren't encrypted, they were just blocked from logging in to their PC.


  8. Joined : Aug 2016
    S/E England
    Posts : 830
    10 Home x64 (1607), Pro x86 (1511 & 1607)
       4 Weeks Ago #8

    The Block at First Sight cloud protection feature in Windows Defender is enabled by default. For IT Pros, if it was turned off we recommend turning it back on, and we also recommend incorporating another layer of defense through Windows Defender ATP and Office 365 ATP. For more information about each of these technologies and techniques and how they work, please download our white paper Ransomware Protection in Windows 10 Anniversary Update.
    Windows Defender Advanced Threat Protection (ATP) only appears to be of any help in company networks. Its purpose seems to be to alert the IT admins that one of the PCs on the network has succumbed to (or is being attacked by) malware. Not much help for Home users there.

    Block at First Sight would appear to be of more use, but there's no actual setting to turn it on (or off). As the link above explains, you turn it on by satisfying certain prerequisites - a sort of one-step-removed 'settings'.
    You can confirm that Block at First Sight is enabled in Windows Settings. The feature is automatically enabled, as long as Cloud-based protection and Automatic sample submission are both turned on.
    Still, at least it seems that this is one thing that can be turned on for Home and Pro systems alike.
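A read-only check of the two settings raised in this thread, the WSH registry value from post #5 and the Block at First Sight prerequisites quoted in post #8, as an added PowerShell example that is not part of any poster's message or of Microsoft's article. `Get-HardeningState` is a hypothetical helper name; it assumes the Windows Defender `Get-MpPreference` cmdlet is available and changes nothing on the system.

```powershell
# Added example: read-only audit of the settings discussed in posts #5 and #8.
# Get-HardeningState is a hypothetical helper name; nothing is modified.
function Get-HardeningState {
    [CmdletBinding()]
    param()

    # Post #5: WSH is off machine-wide when this value exists and equals 0.
    # If the value is absent, WSH is at its default (enabled).
    $wshKey = 'HKLM:\Software\Microsoft\Windows Script Host\Settings'
    $wsh = Get-ItemProperty -Path $wshKey -Name 'Enabled' -ErrorAction SilentlyContinue
    # Cast to string so a REG_DWORD 0 and a REG_SZ "0" are treated alike.
    $wshDisabled = ($null -ne $wsh) -and ([string]$wsh.Enabled -eq '0')

    # Post #8: Block at First Sight is active only when cloud-based protection
    # and automatic sample submission are both on.
    # $null below means the Defender preferences could not be read at all,
    # for example when a third-party antivirus has replaced Windows Defender.
    $cloudOn = $null
    $samplesOn = $null
    $bafsReady = $null
    try {
        $mp = Get-MpPreference -ErrorAction Stop
        # MAPSReporting: 0 = disabled, 1 = basic, 2 = advanced
        $cloudOn = $mp.MAPSReporting -in 1, 2
        # SubmitSamplesConsent: 0 = always prompt, 1 = send safe samples,
        # 2 = never send, 3 = send all samples
        $samplesOn = $mp.SubmitSamplesConsent -in 1, 3
        # DisableBlockAtFirstSeen is the explicit off switch (policy or Set-MpPreference).
        $bafsReady = $cloudOn -and $samplesOn -and (-not $mp.DisableBlockAtFirstSeen)
    }
    catch {
        Write-Warning "Could not read Defender preferences: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        WshDisabledMachineWide = $wshDisabled
        CloudProtectionOn      = $cloudOn
        AutoSampleSubmissionOn = $samplesOn
        BlockAtFirstSightReady = $bafsReady
    }
}

Get-HardeningState | Format-List
```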


  9. Joined : Nov 2015
    Pretoria South Africa
    Posts : 198
    Win 10 Pro Build 1607 14393.447
       3 Weeks Ago #9

    So I am a bit confused...

    Can we assume that ATP is built in to Windows Defender if one is on Win 10 Pro Anniversary version?


  10. Joined : Feb 2015
    Bamberg Germany
    Posts : 13,433
    Microsoft Windows 10 Pro 64-bit 14393 Multiprocessor Free
       3 Weeks Ago #10

    Geoff Daniell said:
    So I am a bit confused...

    Can we assume that ATP is built in to Windows Defender if one is on Win 10 Pro Anniversary version?
    Nope, it's for Enterprise customers:
    Windows Defender Advanced Threat Protection (Windows Defender ATP) is a security service that enables enterprise customers to detect, investigate, and respond to advanced threats on their networks.
    Windows Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service:
    Endpoint behavioral sensors: Embedded in Windows 10, these sensors collect and process behavioral signals from the operating system (for example, process, registry, file, and network communications) and send this telemetry to your private, isolated, cloud instance of Windows Defender ATP.
    Cloud security analytics: Leveraging big-data, machine-learning, and unique Microsoft optics across the Windows ecosystem (such as the Microsoft Malicious Software Removal Tool), enterprise cloud products (such as Office 365), and online assets (such as Bing and SmartScreen URL reputation), behavioral signals are translated into insights, detections, and recommended responses to advanced threats.
    Threat intelligence: Generated by Microsoft hunters, security teams, and augmented by threat intelligence provided by partners, threat intelligence enables Windows Defender ATP to identify attacker tools, techniques, and procedures, and generate alerts when these are observed in collected telemetry.
    Windows Defender Advanced Threat Protection - Windows Defender


 