Connect with us

Hi, what are you looking for?


Endpoint Security

Microsoft Details Anti-Ransomware Protection in Windows 10

Microsoft’s latest desktop operating system release, which started rolling out to users in early August in the form of Windows 10 Anniversary Update, is packing improved ransomware resilience, the Redmond-based tech giant says.

Microsoft’s latest desktop operating system release, which started rolling out to users in early August in the form of Windows 10 Anniversary Update, is packing improved ransomware resilience, the Redmond-based tech giant says.

Numerous new ransomware variants have emerged over the past 12 months alone, swith popular threats including Locky, CryptXXX, and Cerber, which target Windows, and Microsoft appears determined to tackle them at the OS level. Other platforms aren’t safe from ransomware either, as variants such as Linux.Encoder, KeRanger, and Lockdroid have shown.

Microsoft decided to make Windows more ransomware-resilient because the number of such threats spotted in the wild in the past 12 months has more than doubled, Rob Lefferts, Director of Program Management, Windows Enterprise and Security, Microsoft, says. The company integrated the Windows 10 Anniversary Update with the necessary technology to protect against these threats, and now it has decided to detail them in a newly published whitepaper (PDF).

Some of the enhanced security features in the latest platform update include email protection that blocks malware sent through suspicious URLs or attachments, along with anti-exploit protection in Microsoft Edge, meant to block malicious code from silently downloading and executing an additional payload on the victim’s system.

On top of that, there’s the Windows Defender Advanced Threat Protection (ATP) that Microsoft revealed in March. Additionally, Microsoft packed both Office 2016 and Office 2013 with macro-blocking features, which should prevent document-borne ransomware and other types of malware from being executed on vulnerable computers.

As Lefferts explains, the purpose of different ransomware variants is the same: to infect the device and then deny access to files on it or to the entire device. What differs, however, is the method that attackers use of perpetrate their attacks.

To ensure that ransomware is successfully blocked, Microsoft packed Windows 10 not only with the above mentioned security features, but also with new technology in Windows Defender, so that detection happens in seconds, before infection occurs, Lefferts says. Other Windows 10 security capabilities include Credential Guard, Windows Hello and others, all meant to turn Windows 10 Anniversary Update the most secure Windows version.

Advertisement. Scroll to continue reading.

Windows 10 devices are 58% less likely to encounter ransomware compared to those running Windows 7, Microsoft explains. The tech giant also explains that its strategy to stop ransomware involves prevention, detection, and response. Thus, the company didn’t focus only on stopping ransomware before it reaches the device, but also on blocking it from running on compromised machines and on providing the necessary intelligence to IT and Security professionals.

Related to prevention, Lefferts mentions browser hardening, where Adobe Flash Player, the most commonly exploited browser plug-in, runs in an isolated container in Microsoft Edge. There’s also email protection, where attachment types most popular among cybercriminals are blocked, and machine learning, where cloud infrastructure is leveraged to identify and block malware more quickly.

Better detection is available through a new and improved Windows Defender, which is enabled by default in Windows 10. “We’ve also improved Windows Defender’s behavioral heuristics to help determine if a file is performing ransomware-related activities, and then detect and take action more quickly,” Lefferts says.

The Windows Defender ATP in Windows 10 Anniversary Update allows companies to detect attacks that have impacted others. The service combines security events collected from the machines with cloud analytics and should be able to detect signs of attacks and alert the enterprise security team. Details on ransomware attacks would be available in the Windows Defender ATP console, allowing respondents to determine where it might be moving next in the network.

The aforementioned whitepaper details even more of the security enhancements that Microsoft packed inside Windows 10 Anniversary Update. To take advantage of them, the tech company says, users should update their devices as soon as possible.

A recent Duo Security report has revealed that 65% of the company’s clients’ Windows users are still running Windows Vista and that tens of thousands are still using Windows XP. 88% of XP users are still using Internet Explorer 8, and 20% of all Internet Explorer users are using a version that has already reached end-of-life status. Running outdated operating systems and applications puts not only users, but also enterprises at risk.

Related: Microsoft Edge Tops Browser Protection Tests

Related: Windows Information Protection to Address Data Leaks in Windows 10

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

CISO Strategy

Varied viewpoints as related security concepts take on similar traits create substantial confusion among security teams trying to evaluate and purchase security technologies.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Endpoint Security

The Zero Day Dilemma

Endpoint Security

When establishing visibility and security controls across endpoints, security professionals need to understand that each endpoint bears some or all responsibility for its own...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...