Monday, 14 November 2016

Microsoft Details Anti-Ransomware Protection in Windows 10

Microsoft’s latest desktop operating system release, which started rolling out to users in early August in the form of Windows 10 Anniversary Update, is packing improved ransomware resilience, the Redmond-based tech giant says.

Numerous new ransomware variants have emerged over the past 12 months alone, with popular threats including Locky, CryptXXX, and Cerber, which target Windows, and Microsoft appears determined to tackle them at the OS level. Other platforms aren’t safe from ransomware either, as variants such as Linux.Encoder, KeRanger, and Lockdroid have shown.

Microsoft decided to make Windows more ransomware-resilient because the number of such threats spotted in the wild in the past 12 months has more than doubled, Rob Lefferts, Director of Program Management, Windows Enterprise and Security, Microsoft, says. The company built the technology needed to protect against these threats into the Windows 10 Anniversary Update, and has now detailed it in a newly published whitepaper (PDF).

Some of the enhanced security features in the latest platform update include email protection that blocks malware sent through suspicious URLs or attachments, along with anti-exploit protection in Microsoft Edge, meant to block malicious code from silently downloading and executing an additional payload on the victim’s system.

On top of that, there’s the Windows Defender Advanced Threat Protection (ATP) that Microsoft revealed in March. Additionally, Microsoft packed both Office 2016 and Office 2013 with macro-blocking features, which should prevent document-borne ransomware and other types of malware from being executed on vulnerable computers.

As Lefferts explains, the purpose of different ransomware variants is the same: to infect the device and then deny access to files on it or to the entire device. What differs, however, is the method that attackers use to perpetrate their attacks.

To ensure that ransomware is successfully blocked, Microsoft packed Windows 10 not only with the above-mentioned security features, but also with new technology in Windows Defender, so that detection happens in seconds, before infection occurs, Lefferts says. Other Windows 10 security capabilities include Credential Guard, Windows Hello and others, all meant to make Windows 10 Anniversary Update the most secure Windows version.

Windows 10 devices are 58% less likely to encounter ransomware compared to those running Windows 7, Microsoft explains. The tech giant also explains that its strategy to stop ransomware involves prevention, detection, and response. Thus, the company didn’t focus only on stopping ransomware before it reaches the device, but also on blocking it from running on compromised machines and on providing the necessary intelligence to IT and Security professionals.

Related to prevention, Lefferts mentions browser hardening, where Adobe Flash Player, the most commonly exploited browser plug-in, runs in an isolated container in Microsoft Edge. There’s also email protection, where attachment types most popular among cybercriminals are blocked, and machine learning, where cloud infrastructure is leveraged to identify and block malware more quickly.

Better detection is available through a new and improved Windows Defender, which is enabled by default in Windows 10. “We’ve also improved Windows Defender’s behavioral heuristics to help determine if a file is performing ransomware-related activities, and then detect and take action more quickly,” Lefferts says.

The Windows Defender ATP in Windows 10 Anniversary Update allows companies to detect attacks that have impacted others. The service combines security events collected from the machines with cloud analytics and should be able to detect signs of attacks and alert the enterprise security team. Details on ransomware attacks would be available in the Windows Defender ATP console, allowing responders to determine where an attack might be moving next in the network.

The aforementioned whitepaper details even more of the security enhancements that Microsoft packed inside Windows 10 Anniversary Update. To take advantage of them, the tech company says, users should update their devices as soon as possible.