Windows 10 Can Protect You From Ransomware Attacks: Microsoft Security Researcher

Windows 10 with Windows Defender ATP offers businesses protection from ransomware attacks such as Cerber

About a week ago, an article was posted on Microsoft’s blog by a security researcher. The post showed that Windows 10 along with Windows Defender ATP can help enterprise users protect their systems from malware epidemics that spread through their networks after infecting the first system, also called “patient zero.”

Microsoft says that users can benefit from the post-infection or post-breach solutions that WDATP (Windows Defender Advanced Threat Protection) provides, and it’s only available with the latest version of Windows.

For many months now, Microsoft has been telling the public that Windows 10 is absolutely the most secure operating system. They’ve been doing this in the hope that users will move more quickly to upgrade to Windows 10, whose adoption rate has only now reached 25% of all desktop systems across consumers and corporate users.

SEE: Windows 10 is Inching Along, January 2017 Shows 25.3% Desktop OS Market Share

In the blog post, Microsoft highlights the continued dominance of Cerber ransomware as the single largest family of ransomeware affecting enterprise users, with more than 2000 encounters recorded during the recent holiday season.

Windows 10 offers the best protection for enterprises against ransomware attacks
Windows 10 with WDATP said to protect companies from ransomware attacks such as Cerber

What Happens when Windows 10 with Windows Defender ATP Meets Cerber?

In a real-life case study, Microsoft showed how Cerber ransomware affecting a corporate user was identified by WDATP on Windows 10. The user downloaded an infected document to their downloads folder. When opened, the document triggered an embedded macro which then launched a PowerShell command that downloaded another component that carried the Cerber payload.

The PowerShell command was spotted by WDATP, and another alert was generated when the command connected to a website to download an executable file. In this particular case, security personnel were able to block the IP address and lock down the firewall so other machines couldn’t download the executable.

WDATP was also able to detect the fact that the Cerber payload on the infected machine was trying to create and launch a copy of itself.

Several other types of “hostile behavior” from this ransomware were detected by WDATP as well.

The gist of this case study is that the organization was able to see and react to the threat almost as soon as the infection began, thereby protecting the network from the payload spreading to other areas.

Windows Defender ATP is available as an option for enterprise and education editions of Win 10, including the following:

  • Windows 10 Enterprise
  • Windows 10 Education
  • Windows 10 Pro
  • Windows 10 Pro Education

Microsoft is offering a free trial of Windows Defender Advanced Threat Protection for all eligible editions of the latest OS from Microsoft.

Of note is the fact that this security product is going to be one of the key drivers of Windows 10 enterprise adoption in 2017. With adoption rates still low after a year and a half of Windows 10 being released, this and other factors will play a huge role in how users upgrade to Microsoft’s latest OS this year.

Thanks for reading our work! Please bookmark to keep tabs on the hottest, most happening tech and business news from around the world. On Apple News, please favorite the 1redDrop channel to get us in your news feed.