The Windows Club

TheWindowsClub covers authentic Windows 11, Windows 10 tips, tutorials, how-to's, features, freeware. Created by Anand Khanse, MVP.

Ransomware Response Whitepaper and eBook from Microsoft

Download Windows Speedup Tool to fix errors and make PC run faster

Microsoft has released a whitepaper that talks about how Windows 11/10 offers strong ransomware protection to keep your computer protected at all times. While ransomware was always an issue, it never became the highlight as much as it was after the wrath of the WannaCrypt attack.

Ransomware could have severe effects. The range of the attack could vary from a simple attack on a computer to an attack that halts health and infrastructure services, the latter being a critical issue. If not resolved on time, the monetary loss and other losses could be unbearable. Unfortunately, no platform is safe from ransomware. It has attacked Linux, Mac, and Windows.

Whitepaper on Ransomware protection in Windows

Microsoft's policies regarding Ransomware

While Microsoft was always committed to cyber security, recent incidents have prompted it to take extra measures to recognize and mitigate. A few of them are as follows:

1] Increasing the cost of the attack: A ransomware attack isn’t always free, especially when directed towards larger systems with a wider scope. Since the purpose of a ransomware attack is to extort money, the attacker judges if the attack would be cost-effective and decides accordingly. Microsoft is attempting to harden its software and using hardware-based security, so the cost of attacking a system could be raised. This would deter the attacker from doing so.

2] Advanced Threat Protection: One difficult part of handling ransomware-related threats is that it is never done by amateurs. Well-skilled and well-funded attackers are involved in the cyber-crime. Thus, Microsoft relies on Windows Defender Advanced Threat Protection to counter these threats.

3] Enterprise security operations: Enterprise security operations personnel are well-trained to handle threats with confidentiality of information.

Microsoft claims that no Windows user was affected by the recent Wannacrypt ransomware attack. This is a very proud claim, considering the panic the attack created. Even more, they have another claim. Microsoft claims that its new operating system Windows S is not vulnerable to known ransomware.

While the success of Windows in controlling the WannaCrypt ransomware attack is phenomenal, not all users use Windows 11/10. Rather, many still rely on unsupported versions of Windows. While Microsoft is neither responsible for unsupported versions nor accountable, they understand how crucial it could be for their customer base and keep pushing updates to help them.

A 4-step policy followed by Microsoft is as follows:

  1. To update OS and software on time.
  2. To educate users of attacks and prevention.
  3. To keep checking anti-malware should be up to date.
  4. To back up necessary data on cloud.

You can download the PDF document from Microsoft by clicking here.

Ransomware Response Playbook from Microsoft

Microsoft has also released a Ransomware Response Playbook. Ransomware attacks can happen to both home users as well as corporate and enterprises. Ransomware can result in huge monetary losses if left unabated. Users’ privacy has been one of the major concerns at Microsoft and thus, the company yesterday released its new Ransomware Response Playbook which addresses the issue of Ransomware and explains how enterprises can use the Windows Defender ATP to detect, examine, remove, and avoid the ransomware threats in their networks.

Ransomware Response Playbook

The Ransomware Response Playbook provides detailed information on how enterprises can detect ransomware and remove it with the help of Windows Defender Advanced Threat Protection. To illustrate well, the playbook uses Cerber-Ransomware, an actual ransomware infection that has been in the highlight for more than a year now.

The playbook covers the following topics-

  • Discovering and mitigating Ransomware- Several ways of discovering ransomware and managing alerts. It also includes how you can isolate your infected machine so as to avoid spreading.
  • Investigating the delivery and arrival- How the ransomware is delivered to your network and the common infection patterns.
  • Scope the incident and check if the infection is spread to other machines connected to your network.
  • Protection against Ransomware includes email-borne ransomware, an infection that lands through web browsers, and more.
  • Enhancing the endpoint defenses on your network- This section shows how you can enhance protection on your machines.
  • Blocking malicious domains, IPs and URLs- Learn how blocking the malicious domains can prevent your machines from this attack.
  • Recovering your machine from ransomware infection- The eBook guides you on how to remove the entire threat components from your machine and prevent them from spreading in other machines connected via the same network.

The eBook also includes reference links to learn more about the Ransomware attacks and the methods to evade those attacks and infections.

The eBook is available for free download at Microsoft. Just click the download button and read it using a web browser or a PDF reader.

AnandK@TWC

Anand Khanse is the Admin of TheWindowsClub.com, a 10-year Microsoft MVP (2006-16) & a Windows Insider MVP (2016-2022). Please read the entire post & the comments first, create a System Restore Point before making any changes to your system & be careful about any 3rd-party offers while installing freeware.