Microsoft Will Change a Windows Security Default to Block Ransomware

Microsoft Will Change a Windows Security Default to Block Ransomware

Most of the new Windows features we talk about are user-facing, be it a new taskbar gimmick or a return of third-party widgets. But what’s going on behind the scenes can be even more important. In the latest Insider builds of Windows 11, Microsoft has changed a security default that could keep ransomware out of your PC. Why it didn’t do this years ago is anyone’s guess.

Ransomware is a relatively new phenomenon on the internet, the rise of which appears to mirror that of cryptocurrency. Ransomware is a specific type of malware designed to encrypt a victim’s files and then charge for the key needed to recover them. Those affected might have to cough up hundreds or thousands of dollars in crypto to get their files back, and it’s not just individuals who are targeted. Large businesses and even hospitals have been compromised with ransomware, and the cost to decrypt data can be much steeper. Game developer CD Projekt Red (CDPR) was hit just last year in the wake of its disastrous Cyberpunk 2077 launch

In the newest Insider builds (starting with 22528.1000) Windows 11 will use a security lockout protocol for Remote Desktop Protocol (RDP). Dave Weston, Microsoft’s head of OS security, provided some details on Twitter. After 10 incorrect password attempts, RDP access will be shut off for 10 minutes. After that timer has expired, you get ten more tries.

@windowsinsider Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors. This technique is very commonly used in Human Operated Ransomware and other attacks – this control will make brute forcing much harder which is awesome! pic.twitter.com/ZluT1cQQh0

— David Weston (DWIZZZLE) (@dwizzzleMSFT) July 20, 2022

Weston notes that brute forcing RDP credentials is one of the most common ways ransomware operators gain access to systems. There are even groups online that focus on gaining access to systems via RDP, which they can then sell to anyone who wants to execute a ransomware attack.

These features were already in Windows 11 — and Windows 10, for that matter. However, almost no one turned them on, even in enterprise environments. Soon, it will be the default on all Windows 11 machines. Microsoft will also backport this change to Windows 10 desktop and server. While there might be some small inconvenience for RDP users, it’s a small sacrifice in the name of security. Microsoft already defaults to block internet macros in Office, which is another prime avenue for ransomware attacks.

Microsoft hasn’t said how it will deploy the change to Windows 10 and 11, but it will most likely arrive in a low-key security update rather than a major feature update.

Continue reading

Third-Party Repair Shops May Be Blocked From Servicing iPhone 12 Camera
Third-Party Repair Shops May Be Blocked From Servicing iPhone 12 Camera

According to a recent iFixit report, Apple's hostility to the right of repair has hit new heights with the iPhone 12 and iPhone 12 Pro.

Intel, Nvidia Deny Blocking AMD From High-End Mobile Gaming
Intel, Nvidia Deny Blocking AMD From High-End Mobile Gaming

There's a rumor going around that Intel and Nvidia are conspiring to keep AMD out of high-end gaming. Both companies deny it, and there are objective reasons to think it isn't true.

Apple Urges Immediate iPhone Update to Block Active Online Hacks
Apple Urges Immediate iPhone Update to Block Active Online Hacks

There's a new version of Apple's iOS software for iPhone and iPad devices, and as usual, Apple is going to start pestering users to update. This time, the nagging for iOS 14.4 comes with a little more urgency.

Nintendo Switch Sales Blow Past 3DS, Animal Crossing Moves 31M Copies
Nintendo Switch Sales Blow Past 3DS, Animal Crossing Moves 31M Copies

The Nintendo Switch had an absolutely fabulous year, and so did its software library.