Microsoft Will Change a Windows Security Default to Block Ransomware

Most of the new Windows features we talk about are user-facing, be it a new taskbar gimmick or a return of third-party widgets. But what’s going on behind the scenes can be even more important. In the latest Insider builds of Windows 11, Microsoft has changed a security default that could keep ransomware out of your PC. Why it didn’t do this years ago is anyone’s guess.

Ransomware is a relatively new phenomenon on the internet, the rise of which appears to mirror that of cryptocurrency. Ransomware is a specific type of malware designed to encrypt a victim’s files and then charge for the key needed to recover them. Those affected might have to cough up hundreds or thousands of dollars in crypto to get their files back, and it’s not just individuals who are targeted. Large businesses and even hospitals have been compromised with ransomware, and the cost to decrypt data can be much steeper. Game developer CD Projekt Red (CDPR) was hit just last year in the wake of its disastrous Cyberpunk 2077 launch.

In the newest Insider builds (starting with 22528.1000), Windows 11 will apply an account lockout policy by default, which covers Remote Desktop Protocol (RDP) logins. Dave Weston, Microsoft’s head of OS security, provided some details on Twitter. After 10 incorrect password attempts, RDP access will be shut off for 10 minutes. After that timer has expired, you get 10 more tries.

@windowsinsider Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors. This technique is very commonly used in Human Operated Ransomware and other attacks – this control will make brute forcing much harder which is awesome! pic.twitter.com/ZluT1cQQh0

— David Weston (DWIZZZLE) (@dwizzzleMSFT) July 20, 2022

Weston notes that brute forcing RDP credentials is one of the most common ways ransomware operators gain access to systems. There are even groups online that focus on gaining access to systems via RDP, which they can then sell to anyone who wants to execute a ransomware attack.
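The lockout described above can be replayed against a stream of failed logons to see how tightly it caps password guessing. The following is an added example, not code from the article or from Microsoft: the threshold and duration come from the article, while the counter-reset window, the class and function names, and the sample timestamps are assumptions constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass


@dataclass
class LockoutPolicy:
    threshold: int = 10    # failed attempts before lockout (from the article)
    duration_s: int = 600  # lockout length, 10 minutes (from the article)
    window_s: int = 600    # ASSUMPTION: failure-counter window, not stated in the article


def replay(policy, failure_times):
    """Replay failed-logon timestamps (seconds) for one account.

    Returns (evaluated, rejected): attempts whose password was actually
    checked, and attempts refused because the account was locked.
    """
    evaluated, rejected = [], []
    recent = deque()       # counted failures still inside the window
    locked_until = None
    for t in sorted(failure_times):
        if locked_until is not None:
            if t < locked_until:
                rejected.append(t)   # locked: the guess is never tested
                continue
            locked_until = None      # lockout expired, counter starts over
            recent.clear()
        while recent and t - recent[0] >= policy.window_s:
            recent.popleft()
        recent.append(t)
        evaluated.append(t)
        if len(recent) >= policy.threshold:
            locked_until = t + policy.duration_s
    return evaluated, rejected


def guesses_tested_per_day(policy, rate_per_s=1):
    """Guesses that get checked in 24 h when failures arrive at a steady rate."""
    burst = range(0, 86400, rate_per_s)   # constructed sample: one failure per second
    evaluated, _ = replay(policy, burst)
    return len(evaluated)


if __name__ == "__main__":
    default = LockoutPolicy()
    never = LockoutPolicy(threshold=10**9)   # models lockout left disabled
    print("tested/day, lockout on :", guesses_tested_per_day(default))
    print("tested/day, lockout off:", guesses_tested_per_day(never))
```

The rejected list is the part worth alerting on: a long run of refused logons against one account is what a brute-force attempt looks like once the policy is active.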

The lockout settings were already available in Windows 11 — and Windows 10, for that matter. However, almost no one turned them on, even in enterprise environments. Soon, they will be on by default on all Windows 11 machines. Microsoft will also backport this change to Windows 10 desktop and server. While there might be some small inconvenience for RDP users, it’s a small sacrifice in the name of security. Microsoft already blocks internet macros in Office by default, closing off another prime avenue for ransomware attacks.

Microsoft hasn’t said how it will deploy the change to Windows 10 and 11, but it will most likely arrive in a low-key security update rather than a major feature update.
