Ransomware could have severe effects. The range of the attack could vary from a simple attack on a computer to an attack that halts health and infrastructure services, the latter being a critical issue. If not resolved on time, the monetary loss and other losses could be unbearable. Unfortunately, no platform is safe from ransomware. It has attacked Linux, Mac, and Windows.
Whitepaper on Ransomware protection in Windows 10
While Microsoft has always been committed to cyber security, recent incidents have prompted it to take extra measures to recognize and mitigate such threats. A few of them are as follows:
1] Increasing the cost of the attack: A ransomware attack isn’t always free, especially when directed at larger systems with a wider scope. Since the purpose of a ransomware attack is to extort money, the attacker judges whether the attack would be cost-effective and decides accordingly. Microsoft is working on hardening its software and using hardware-based security so that the cost of attacking a system is raised. This would deter the attacker from going ahead.
2] Advanced Threat Protection: One difficult part of handling ransomware-related threats is that they are never carried out by amateurs. Well-skilled and well-funded attackers are involved in this kind of cyber-crime. Thus, Microsoft relies on Windows Defender Advanced Threat Protection to counter these threats.
3] Enterprise security operations: Enterprise security operations personnel are well trained to handle threats while keeping information confidential.
Microsoft claims that no Windows 10 user was affected by the recent WannaCrypt ransomware attack. This is a claim to be proud of, considering the panic the attack created. Microsoft makes a further claim as well: that its new operating system, Windows 10 S, is not vulnerable to any known ransomware.
While the success of Windows 10 in controlling the WannaCrypt ransomware attack is phenomenal, not all users use Windows 10. Rather, many still rely on unsupported versions of Windows. While Microsoft is neither responsible nor accountable for unsupported versions, it understands how crucial they could be for its customer base and keeps pushing updates to help those users as well.
A 4-step policy followed by Microsoft is as follows:
You can download the PDF document from Microsoft by clicking here.
Ransomware Response Playbook from Microsoft
Microsoft has also released a Ransomware Response Playbook. Ransomware attacks can happen to home users as well as corporations and enterprises, and ransomware can result in huge monetary losses if left unabated. Users’ privacy has been one of the major concerns at Microsoft, and thus the company yesterday released its new Ransomware Response Playbook, which addresses the issue of ransomware and explains how enterprises can use Windows Defender ATP to detect, examine, remove and avoid ransomware threats in their networks.
The Ransomware Response Playbook provides detailed information on how enterprises can detect ransomware and remove it with the help of Windows Defender Advanced Threat Protection. As an illustration, the playbook uses Cerber ransomware, an actual ransomware infection that has been in the spotlight for more than a year now. The playbook covers the following topics:
Discovering and mitigating ransomware: Several ways of discovering ransomware and managing alerts. It also covers how you can isolate your infected machine to keep the infection from spreading.
Investigating the delivery and arrival: How the ransomware is delivered to your network and the common infection patterns.
Scoping the incident: Check whether the infection has spread to other machines connected to your network.
Protection against ransomware: Includes email-borne ransomware, infections that land through web browsers, and more.
Enhancing the endpoint defenses on your network: This section shows how you can enhance protection on your machines.
Blocking malicious domains, IPs and URLs: Learn how blocking malicious domains can protect your machines from this attack.
Recovering your machine from ransomware infection: The eBook guides you on how to remove all of the threat components from your machine and prevent them from spreading to other machines connected via the same network.
The eBook also includes reference links where you can learn more about the Ransomware attacks and the methods to evade those attacks and infections. The eBook is available for free download at Microsoft. Just click on the download button and read it using a web browser or a PDF reader.