Writing in the Volish blog, Microsoft said its Beta Channel launch comes with a handful of new features and upgrades, including one which “enhanced Microsoft Defender for Endpoint’s ability to identify and intercept ransomware and advanced attacks.”
Vole has gotten better at deploying ransomware across organisations to the point where cybersecurity firms are urging organisations not to pay the ransom, as there is no guarantee they’ll get their data back, and no guarantee they won’t be attacked again.
RDP remains the top method for initial access in ransomware deployments, with groups specialising in compromising RDP endpoints and selling them to others for access.
Win11 has a default account lockout policy to mitigate RDP and other brute force password vectors. This technique is very commonly used in Human Operated Ransomware and other attacks – this control will make brute forcing much harder.
Weston emphasised "default" because the policy is already an option in Windows 10 but isn't enabled by default.
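Because the policy is opt-in on Windows 10, it is worth auditing whether a machine actually has it set. The following is an added example, not code from Microsoft or from the original article: it parses the text of a `secedit /export /cfg <file> /areas SECURITYPOLICY` export and reports the lockout settings. The function name and the sample exports are constructed for illustration.

```python
import configparser

# Constructed sample: export from a machine with no lockout policy.
SAMPLE_NO_LOCKOUT = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 0
LockoutBadCount = 0
"""

# Constructed sample: export from a machine with a lockout policy set.
# The numbers are illustrative, not the Windows 11 defaults.
SAMPLE_LOCKOUT = """\
[System Access]
LockoutBadCount = 5
ResetLockoutCount = 15
LockoutDuration = 15
"""


def lockout_policy(inf_text):
    """Return the account lockout settings found in a secedit export.

    inf_text is the decoded text of the export file (secedit normally
    writes UTF-16, so open the file with encoding="utf-16").
    """
    cp = configparser.ConfigParser(
        interpolation=None, strict=False,
        allow_no_value=True, delimiters=("=",),
    )
    cp.optionxform = str  # keep the key names' original case
    cp.read_string(inf_text)
    if not cp.has_section("System Access"):
        raise ValueError("export has no [System Access] section")
    sec = cp["System Access"]

    def as_int(key):
        return int(sec[key]) if key in sec else None

    # A missing or zero LockoutBadCount means accounts never lock out.
    threshold = as_int("LockoutBadCount") or 0
    return {
        "enabled": threshold > 0,
        "threshold": threshold,
        "window_min": as_int("ResetLockoutCount"),
        "duration_min": as_int("LockoutDuration"),
    }
```

A result with `enabled` set to `False` marks a host where repeated failed RDP logons will never lock the account.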