Skip to content

Microsoft Secure

Ransomware-encounter-rate-Windows-10-vs-7

A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017

Adopting reliable attack methods and techniques borrowed from more evolved threat types, ransomware attained new levels of reach and damage in 2017. The following trends characterize the ransomware narrative in the past year: Three global outbreaks showed the force of ransomware in making real-world impact, affecting corporate networks and bringing down critical services like hospitals,...

Read more

layered-machine-learning-models-funnel-3-featured

Detonating a bad rabbit: Windows Defender Antivirus and layered machine learning defenses

Windows Defender Antivirus uses a layered approach to protection: tiers of advanced automation and machine learning models evaluate files in order to reach a verdict on suspected malware. While Windows Defender AV detects a vast majority of new malware files at first sight, we always strive to further close the gap between malware release and...

Read more

Stopping ransomware where it counts: Protecting your data with Controlled folder access

Stopping ransomware where it counts: Protecting your data with Controlled folder access

Windows Defender Exploit Guard is a new set of host intrusion prevention capabilities included with Windows 10 Fall Creators Update. One of its features, Controlled folder access, stops ransomware in its tracks by preventing unauthorized access to your important files. The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other...

Read more

Figure-01_-Infection-cycle-overview

Exploring the crypt: Analysis of the WannaCrypt ransomware SMB exploit propagation

On May 12, there was a major outbreak of WannaCrypt ransomware. WannaCrypt directly borrowed exploit code from the ETERNALBLUE exploit and the DoublePulsar backdoor module leaked in April by a group calling itself Shadow Brokers. The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms...

Read more

02-petya-kill-chain-diagram1

Windows 10 platform resilience against the Petya ransomware attack

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices. Read our latest report: A worthy upgrade:...

Read more

Shadowbrokers

Analysis of the Shadow Brokers release and mitigation with Windows 10 virtualization-based security

On April 14, a group calling themselves the Shadow Brokers caught the attention of the security community by releasing a set of weaponized exploits. Shortly thereafter, one of these exploits was used to create wormable malware that we now know as WannaCrypt, which targeted a large number of out-of-date systems and held encrypted files for...

Read more

Windows10CU-updated

Windows 10 Creators Update provides next-gen ransomware protection

Multiple high-profile incidents have demonstrated that ransomware can have catastrophic effects on all of us. From personally losing access to your own digital property, to being impacted because critical infrastructure or health care services are unexpectedly unavailable for extended periods of time, destructive attacks have grown in severity and scale on all platforms – including...

Read more

WannaCrypt-ransom-executable

WannaCrypt ransomware worm targets out-of-date systems

On May 12, 2017 we detected a new ransomware that spreads like a worm by leveraging vulnerabilities that have been previously fixed. While security updates are automatically applied in most computers, some users and enterprises may delay deployment of patches. Unfortunately, the ransomware, known as WannaCrypt, appears to have affected computers that have not applied...

Read more

back-up

World Backup Day is as good as any to back up your data

In today’s security landscape, there are more threats to data than ever before. Beyond corruption caused by hardware or human failure, malware and cyberattacks can put data in serious danger.  That’s why it’s imperative for enterprises, small-and-medium businesses, and individuals to back up data. It must be implemented systematically, not just on World Backup Day...

Read more

Ransomware operators are hiding malware deeper in installer packages

We are seeing a wave of new NSIS installers used in ransomware campaigns. These new installers pack significant updates, indicating a collective move by attackers to once again dodge AV detection by changing the way they package malicious code. These changes are observed in installers that drop ransomware like Cerber, Locky, and others. The trend...

Read more