The Daily Swig Web security digest

Microsoft introduces new ransomware safeguards

James Walker | 25 October 2017 at 14:00

Intrusion prevention software ships with latest Windows update.

The Windows 10 Fall Creators Update is beginning to roll out to PCs around the world, complete with new safeguards against ransomware attacks.

Bundled with Microsoft’s latest OS update is the Windows Defender Exploit Guard, which helps protect files from unauthorized changes by nefarious applications.

The four components of the Exploit Guard – attack surface reduction, network protection, controlled folder access, and exploit protection – have been designed to lock down devices against a wide variety of attack vectors and block behaviors commonly used in malware attacks.

“Despite advances in antivirus detection capabilities, attackers are continuously adapting and have been expanding their arsenal of tricks and techniques to compromise endpoints, steal credentials, and execute ransomware attacks without ever needing to write anything to disk,” Microsoft said in its security blog.

Although the underlying vulnerability being exploited varies, the delivery mechanism differs, and the payload changes, Exploit Guard takes advantage of the fact that many different attacks adhere to a core set of behaviors and vectors.

“By correlating streams of events to various malicious behaviors with the ISG, Windows Defender Exploit Guard provides the capability and controls needed to handle these types of emerging threats,” said Microsoft.

Additionally, Windows Defender Antivirus now has specific safeguards in place, along with default enhanced coverage that is delivered instantly via the cloud protection service.

These and other security technologies protect against persistent ransomware campaigns like Cerber, Locky, and Spora, as well as global outbreaks like WannaCry and Petya.

A phased rollout of the Fall Creators Update started earlier this month. In addition to the security updates, it includes a range of mixed reality features, voice-activated power commands, and a reimagined Photos app.