Ransomware protection in Windows 11/10
Ransomware is proving to be a major challenge for computer users everywhere, including Microsoft when it comes to handling malware on Windows 11/10. In fact, the company claims that the number of ransomware variants has more than doubled in the past 12 months. And while other kinds of viruses and trojans are short-term and extractable, ransomware works on the premise of extorting funds in return for not deleting all your important files and documents. On top of that, the methods and means attackers use to perpetrate ransomware attacks are varied, complex and costly. Here is how Windows 11/10 deals with the threat of ransomware on your PC.
Windows has added new technology to increase protection against malware, including ransomware-related threats. Microsoft has made it extremely difficult for certain exploits to work when using Microsoft Edge, and has enhanced URL reputation to better notify you about potentially unsafe websites. It has also increased its ability to block email attacks from ever reaching its consumer and commercial productivity suite customers, and has released Windows Defender ATP to make it easier for companies to investigate and respond to ransomware attacks.
RANSOMWARE PROTECTION IN WINDOWS 11/10
Windows 11/10 includes some significant improvements to protect your computer against ransomware attackers. To stay protected, you need to do the following things first:
- Update to the latest Windows 11/10 version and switch to default settings.
- Keep your operating system and installed software updated with the latest versions.
- Manage your backup and restore strategy well.
Apply these protection measures in Windows 11/10 to make your network security stronger, says Microsoft:
- Randomize local administrator passwords using a tool such as LAPS.
- Apply Account Lockout Policy.
- Ensure good perimeter security by patching exposed systems. Apply mitigating factors, such as MFA or vendor-supplied mitigation guidance, for vulnerabilities.
- Utilize host firewalls to limit lateral movement.
- Prevent endpoints from communicating on TCP port 445 for SMB. This will have limited negative impact on most networks, but can significantly disrupt adversary activities.
- Turn on cloud-delivered protection for Microsoft Defender Antivirus or the equivalent for your antivirus product to cover rapidly evolving attacker tools and techniques.
- Turn on Tamper protection features to prevent attackers from stopping security services.
- Turn on attack surface reduction rules, including rules that can block ransomware activity:
  - Use advanced protection against ransomware
  - Block process creations originating from PsExec and WMI commands
  - Block credential stealing from the Windows local security authority subsystem (lsass.exe)
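A read-only audit of four items from the list above (cloud-delivered protection, Tamper protection, the three attack surface reduction rules, and the TCP 445 host-firewall block), added here as an example and not taken from Microsoft or the original article. The function names `New-Finding` and `Get-RansomwareHardeningReport` are hypothetical, and the script assumes Microsoft Defender Antivirus is the active antivirus.

```powershell
# Added example: read-only audit; changes nothing. Run elevated on Windows 10/11
# with Microsoft Defender Antivirus as the active antivirus.

# ASR rule GUIDs from Microsoft's attack surface reduction rules reference.
$AsrRules = [ordered]@{
    'Use advanced protection against ransomware'           = 'c1db55ab-c21a-4637-bb3f-a12568109d35'
    'Block process creations from PsExec and WMI commands' = 'd1e49aac-8f56-4280-b9ba-993a6d77406c'
    'Block credential stealing from lsass.exe'             = '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2'
}
$AsrStates = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

# Hypothetical helper: one row of the report.
function New-Finding($Control, $State, [bool]$Ok) {
    [pscustomobject]@{ Control = $Control; State = $State; Ok = $Ok }
}

function Get-RansomwareHardeningReport {
    $pref   = Get-MpPreference
    $status = Get-MpComputerStatus

    # Cloud-delivered protection: MAPSReporting 0 = off, 1 = basic, 2 = advanced.
    New-Finding 'Cloud-delivered protection' "MAPSReporting=$($pref.MAPSReporting)" ($pref.MAPSReporting -ne 0)
    New-Finding 'Tamper protection' $status.IsTamperProtected ([bool]$status.IsTamperProtected)

    # ASR rule ids and actions are parallel arrays; a rule absent from the list is not configured.
    $ids     = @($pref.AttackSurfaceReductionRules_Ids)
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    foreach ($rule in $AsrRules.GetEnumerator()) {
        $state = 'Not configured'
        for ($i = 0; $i -lt $ids.Count; $i++) {
            if ($ids[$i] -eq $rule.Value) { $state = $AsrStates[[int]$actions[$i]] }
        }
        New-Finding "ASR: $($rule.Key)" $state ($state -eq 'Block')
    }

    # Host firewall: an enabled inbound block rule for TCP 445 (exact port match only;
    # a rule that covers 445 through a port range is not recognised by this check).
    $smbBlock = Get-NetFirewallRule -Direction Inbound -Action Block -Enabled True -ErrorAction SilentlyContinue |
        Get-NetFirewallPortFilter |
        Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -contains '445' }
    New-Finding 'Inbound TCP 445 blocked by host firewall' "$(@($smbBlock).Count) rule(s)" (@($smbBlock).Count -gt 0)
}

Get-RansomwareHardeningReport | Format-Table -AutoSize
```

Rows with `Ok` set to `False` are the controls still to be turned on; LAPS and the account lockout policy are managed outside Defender and are not covered by this check.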
RANSOMWARE PREVENTION
As seen last month, some malware attackers were using software like Adobe Flash to get into browsers and harm your computers. So, with the new update, Microsoft has updated Adobe Flash to work in an isolated container on the Microsoft Edge browser. The update also brings in a feature on Edge that doesn’t allow malware to leave the browser and affect other programs. This border tightening on Microsoft Edge will help contain the ransomware and speed up the removal process. These improvements also block malware from silently downloading and executing additional payloads on customers’ systems.
In order to do a better job of preventing browser-based ransomware from reaching users in the first place, Microsoft extended SmartScreen Filter by cultivating a broad set of data from sources that are part of the Microsoft Intelligent Security Graph. When you unwittingly click on a link that could lead to an unsafe website, Windows 10 has the ability to notify you that the site could be malicious.
Another major distribution channel for ransomware attackers is email attachments. They can also send malicious links by email, which are then clicked by vulnerable users. Microsoft claims to have advanced the machine learning models and heuristics that catch malware distributed by email, and to have developed a faster signature delivery channel to update Windows Defender faster on mail. The result will be improved protection levels for both consumer and commercial customers. Take a look at the precautions to take when opening email attachments or before clicking on web links.
Apart from protecting all the loose ends on its browser and email servers, Microsoft has also introduced better and more efficient machine learning that will pave the way for tougher implementation of ransomware defense. The improved machine learning techniques can detect malware quickly. The entire process of detecting, analyzing, and then trying to remove malware becomes a task that is completed in minutes.
RANSOMWARE DETECTION
Windows Defender has been Windows’ default security software since it first saw the light of day in the XP era. The software has become tougher and stronger. With the update, it can respond to new threats faster, using improved cloud protection and automatic sample submission to block malware as soon as it is spotted. Windows Defender’s behavioral heuristics have been improved to help determine whether a file is performing ransomware-related activities, and then detect and take action more quickly. It also helps defend against ransomware infections in corporate networks.
ACTION TO BE TAKEN
Once the ransomware has been detected with the help of Windows Defender, it is time to tackle the attack. Windows 10 brings with it the new Windows Defender Advanced Threat Protection service which adds the ability for companies to detect and prevent attacks that have made it through the other protection methods. Windows Defender ATP combines security events collected from the machines with cloud analytics to detect signs of attacks and help your PC stay away.
Apart from this, Microsoft is also initiating a new feature, ‘Block at First Sight’, which is a cloud protection service that has been turned on by default.
So this is how Windows 11/10 helps to keep you protected against Ransomware, with the help of new features that it introduces.
While cyber-attacks are never completely avoidable, Microsoft is pursuing a future that minimizes the impact of such attacks and keeps Windows protected at all times.