Published in News

Windows 11 should be better at ransomware attacks

by on04 August 2022


Microsoft Defender for Endpoint cybersecurity platform

Windows 11 is about to get improvements to the Microsoft Defender for Endpoint cybersecurity platform so it is better at protecting users from ransomware and other “advanced attacks”

Writing in the Volish bog, Microsoft's Beta Channel launch comes with a handful of new features and upgrades, including one which, “enhanced Microsoft Defender for Endpoint’s ability to identify and intercept ransomware and advanced attacks.”

Vole has gotten better at deploying ransomware across organisations to the point where cybersecurity firms, are urging organisations not to pay the ransom, as there is no guarantee they’ll get their data back, and no guarantee they won’t be attacked again.

RDP remains the top method for initial access in ransomware deployments, with groups specialising in compromising RDP endpoints and selling them to others for access.

Win11 has a default account lockout policy to mitigate RDP and other brute force password vectors. This technique is very commonly used in Human Operated Ransomware and other attacks – this control will make brute forcing much harder. 

Weston emphasised "default" because the policy is already an option in Windows 10 but isn't enabled by default.

 

Last modified on 04 August 2022
Rate this item
(2 votes)

Read more about: