Microsoft 365 Defender now disrupts ransomware
Microsoft 365 Defender now automatically disrupts ransomware attacks, giving business customers — but not consumers, yet — a bit more peace of mind in avoiding ransomware.
Microsoft made the announcement at its Microsoft Ignite conference, where the company unveiled improvements to many of its business applications.
Microsoft 365 Defender is one of a number of frustratingly similar security offerings Microsoft offers. Microsoft 365 Defender is not Windows Defender, but does include Microsoft Defender for Office 365. Unfortunately, the protections implemented within Microsoft Defender for Office 365 don’t include Microsoft Defender for Office 365 Family or Personal, the popular consumer versions.
Essentially, Microsoft’s new ransomware protections seem to boil down to this: “[The new ransomware protection] is possible because Microsoft 365 Defender collects and correlates signals across endpoints, identities, emails, documents and cloud apps into unified incidents and uses the breadth of signal to identify attacks early with a high level of confidence,” Microsoft says.
Unfortunately, consumers don’t generate enough “signals” to allow Microsoft to port this capability over to Microsoft Defender for Office 365 Family or Personal. “The new capability correlates signals from endpoints, email, identities, and cloud apps in Microsoft’s Extended Detection and Response (XDR) platform, Microsoft 365 Defender, to stop lateral movement of highly sophisticated attacks like ransomware,” Microsoft said in a statement. “These types of attacks typically target organizations.
“Microsoft 365 Family and Microsoft Personal on the other hand are consumer subscriptions focused on productivity, where end users do not manage the underlying infrastructure and therefore this scenario doesn’t apply,” the company added.
What Microsoft 365 Defender does do for businesses, however, is to “automatically contain affected assets, such as endpoints or user identities,” the company said. “This helps stop ransomware from spreading laterally, which can substantially reduce the overall cost of an attack while improving a company’s resiliency to recover. The security operations team stays in full control of investigating, remediating and bringing assets back online once they are returned to a healthy state.”
How to protect yourself from ransomware within Windows
But if you do have Windows Defender on a home machine, you can already help defend yourself from ransomware. Within the Windows 10/11 Settings menu, type in “ransomware protection” into the search field. This will open Windows Security, and the “Ransomware protection” section. Here, you’ll have a choice to turn on “controlled folder access” (preventing access to your files and folders by “unfriendly apps”). (However, if you use a third-party antivirus or antimalware app, you might not be able to toggle this on.) You can also set up OneDrive from the same page to help protect and restore files if your PC is infected.
Mark Hachman / IDG
Unfortunately, it’s unclear whether or not the consumer versions of Defender can be protected automatically from ransomware, as Microsoft 365 Defender is. Perhaps in the future?