Microsoft Will Change a Windows Security Default to Block Ransomware

Microsoft Will Change a Windows Security Default to Block Ransomware

Most of the new Windows features we talk about are user-facing, be it a new taskbar gimmick or a return of third-party widgets. But what’s going on behind the scenes can be even more important. In the latest Insider builds of Windows 11, Microsoft has changed a security default that could keep ransomware out of your PC. Why it didn’t do this years ago is anyone’s guess.

Ransomware is a relatively new phenomenon on the internet, the rise of which appears to mirror that of cryptocurrency. Ransomware is a specific type of malware designed to encrypt a victim’s files and then charge for the key needed to recover them. Those affected might have to cough up hundreds or thousands of dollars in crypto to get their files back, and it’s not just individuals who are targeted. Large businesses and even hospitals have been compromised with ransomware, and the cost to decrypt data can be much steeper. Game developer CD Projekt Red (CDPR) was hit just last year in the wake of its disastrous Cyberpunk 2077 launch

In the newest Insider builds (starting with 22528.1000) Windows 11 will use a security lockout protocol for Remote Desktop Protocol (RDP). Dave Weston, Microsoft’s head of OS security, provided some details on Twitter. After 10 incorrect password attempts, RDP access will be shut off for 10 minutes. After that timer has expired, you get ten more tries.

@windowsinsider Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors. This technique is very commonly used in Human Operated Ransomware and other attacks – this control will make brute forcing much harder which is awesome! pic.twitter.com/ZluT1cQQh0

— David Weston (DWIZZZLE) (@dwizzzleMSFT) July 20, 2022

Weston notes that brute forcing RDP credentials is one of the most common ways ransomware operators gain access to systems. There are even groups online that focus on gaining access to systems via RDP, which they can then sell to anyone who wants to execute a ransomware attack.

These features were already in Windows 11 — and Windows 10, for that matter. However, almost no one turned them on, even in enterprise environments. Soon, it will be the default on all Windows 11 machines. Microsoft will also backport this change to Windows 10 desktop and server. While there might be some small inconvenience for RDP users, it’s a small sacrifice in the name of security. Microsoft already defaults to block internet macros in Office, which is another prime avenue for ransomware attacks.

Microsoft hasn’t said how it will deploy the change to Windows 10 and 11, but it will most likely arrive in a low-key security update rather than a major feature update.

Continue reading

Microsoft: Pluton Chip Will Bring Xbox-Like Security to Windows PCs
Microsoft: Pluton Chip Will Bring Xbox-Like Security to Windows PCs

Intel, AMD, and Qualcomm are working to make Pluton part of their upcoming designs, which should make PCs more difficult to hack, but it also bakes Microsoft technology into your hardware.

Apple: ‘It’s Up to Microsoft’ to Get Windows Running on New ARM Macs
Apple: ‘It’s Up to Microsoft’ to Get Windows Running on New ARM Macs

According to Apple, the question of supporting Windows on the M1 is entirely in Microsoft's court.

How Does Windows Use Multiple CPU Cores?
How Does Windows Use Multiple CPU Cores?

We take multi-core awareness for granted these days, but how do the CPU and operating system communicate with each other in the first place?

Minecraft With Ray Tracing Now Available for All Windows 10 Players
Minecraft With Ray Tracing Now Available for All Windows 10 Players

You don't usually think of Minecraft as a realistic game, but the developers have been hard at work adding RTX ray tracing to the game for the last eight months. It's finally out of beta today, and it really works with the blocky look of Minecraft.