New anti-ransomware security features added in W10CU

No currently known ransomware strain can infect Windows 10 S, said Microsoft today with the release of a new report detailing the next-gen ransomware protection features the company introduced with the release of the Windows 10 Creators Update last month.

Microsoft's statement is technically accurate because Windows 10 S won't allow the installation of apps from outside the official Windows Store, which greatly limits the ability of ransomware authors to launch their payloads on infected systems.

Nonetheless, this new version of the Windows 10 operating system is still in development, has not been made available to the public, and has a market share of 0%.

This means that once Microsoft launches Windows 10 S, things are very likely to change, especially since Windows 10 S is advertised as an operating system for the business and educational sector, two industry verticals very popular among ransomware operators.

Ransomware and other malware authors will eventually turn their focus to finding ways to infect the OS, and ransomware strains capable of infecting Windows 10 S will likely appear, although it's quite refreshing to hear that no known ransomware strain can infect it right now.

Microsoft: No Windows 10 user was affected by WannaCry

Presenting new anti-ransomware protection features added in Windows 10 Creators Update, Robert Lefferts, Director of Program Management, Windows Enterprise and Security, also confirmed today that no Windows 10 customer was affected by the recent WannaCry ransomware outbreak that took place in mid-May.

There were actually some Windows 10 users who got infected, but those users launched the ransomware by hand and were not infected via WannaCry's self-spreading worm, which didn't have the technical capabilities to infect Windows 10 devices.

New anti-ransomware features added to Windows 10 CU

The Microsoft exec shared these details with the release of a new report detailing the new anti-ransomware features added to Windows 10 in the Creators Update.

This list of new features includes:

Click-to-run for Adobe Flash in Edge — which prevents ransomware and other malware from landing on Windows 10 PCs via exploit kits and drive-by downloads.
Instant cloud protection via Windows Defender — According to Microsoft, starting with Creators Update, Windows Defender AV can suspend a suspicious file from running and sync with the cloud protection service to further inspect the file.
Fast remediation mechanism at detection — Microsoft says it has made great strides to "remediate ransomware infection and limit ransomware activity from minutes to seconds, reducing its damage from hundreds of encrypted files to a few." Microsoft credits this to Windows Defender AV's behavioral engine, which can aggregate malware behavior across processes and stages.
Improved detection for script-based attacks — Microsoft says its Antimalware Scan Interface (AMSI) was modified to intervene during the strategic execution points of JS or VBS script runtimes, two infection vectors often used by ransomware.
Wow64 compatibility scanning — In Creators Update, Windows Defender AV added a process-scanning feature that uses the Wow64 compatibility layer, enabling it to better inspect system interactions of 32-bit applications running on 64-bit operating systems.
Process tree visualizations — feature added to Windows Defender ATP, the commercial version of Windows Defender.
Artifact searching capabilities — feature added to Windows Defender ATP, the commercial version of Windows Defender.
Machine isolation and quarantine — feature added to Windows Defender ATP, the commercial version of Windows Defender.
