Windows 10 Creators Update stops ransomware

dhruv2193

OK, there’s finally some good news in the fight against ransomware! Microsoft has been closely watching the onslaught of this new ransomware epidemic and added a slew of new features to the second major update of Win10 called "Creators Update."

Presenting new anti-ransomware protection features added in Win 10 CU, Robert Lefferts, director of program management for Windows Enterprise and Security, said that no Windows 10 customer was affected by the recent WannaCry ransomware outbreak and that no currently known ransomware strain can infect Windows 10.

From a security perspective, CU is a massive improvement. The new security features include the following list:

• Click-to-run for Adobe Flash in Edge — This prevents ransomware and other malware from landing on Windows 10 PCs via exploit kits and drive-by downloads.

• Instant cloud protection via Windows Defender — According to Microsoft, starting with CU, Windows Defender AV can suspend a suspicious file from running and sync with the cloud protection service to further inspect the file.


• Fast remediation mechanism at detection — Microsoft says it has made great strides to "remediate ransomware infection and limit ransomware activity from minutes to seconds, reducing its damage from hundreds of encrypted files to a few." Microsoft credits this to Windows Defender AV’s behavioral engine that can aggregate malware behavior across processes and stages.

• Improved detection for script-based attacks — Microsoft says its Antimalware Scan Interface (AMSI) was modified to intervene during the strategic execution points of JS or VBS script runtimes, two infection vectors often used by ransomware.

• Wow64 compatibility scanning — In CU, Windows Defender AV added a process-scanning feature that uses the Wow64 compatibility layer, enabling it to better inspect system interactions of 32-bit applications running on 64-bit operating systems.

• Process tree visualizations — Feature added to Windows Defender ATP, the commercial version of Windows Defender.

• Artifact searching capabilities — Feature added to Windows Defender ATP.

• Machine isolation and quarantine — Feature added to Windows Defender ATP.

• Windows Edge browser — Better protection against remote code execution attacks.

While this list comprises a number of technical innovations, it simply boils down to better security in your Windows 10 system.

But, there is more that Microsoft does not mention. The new security software, Home Sophos, that we recommend works together with Windows Defender to protect your system from viruses, spyware, malware, and ransomware.

In prior versions of Windows 10, the installation of any anti-virus program automatically turns off Windows Defender. In the new Creators Edition of Windows, Windows Defender remains active.

NotPetya: A cyber weapon
There has been a recent outbreak of a product called NotPetya that attacks your hard drive without warning.

NotPetya is a destructive disk wiper similar to Shamoon, which has targeted Saudi Arabia in the recent past. It became clear that this outbreak is not ransomware, but instead it is a cyber warfare attack. Two separate reports coming from Comae Technologies and Kaspersky Lab experts confirm this now.

Note that Shamoon actually deleted files. NotPetya goes about it slightly differently. It does not delete any data but simply makes it unusable by locking the files and then throwing away the key. The end result is the same.

It was found that someone is hijacking known ransomware families and using them to attack Ukrainian computer systems. This problem is rapidly spreading across the globe, and will most likely hit the United States soon. There are several technical indicators that NotPetya was only made to look like ransomware as a smokescreen.

NotPetya works by overwriting the Master File Table on your disk and that is not recoverable — all of the contents on the disk drive are gone. Evidence is clearly mounting that NotPetya is a cyber-weapon and not just some overly-aggressive ransomware.

The bottom line: Make sure that all of your personal data is backed up and is kept offline from your computer.

If you need help, call us for a consultation.

Stay protected!
Source-http://