Skip to main content Why Microsoft Security AI-powered cybersecurity Cloud security Data security & governance Identity & network access Privacy & risk management Security for AI Unified SecOps Zero Trust Microsoft Defender Microsoft Entra Microsoft Intune Microsoft Priva Microsoft Purview Microsoft Sentinel Microsoft Security Copilot Microsoft Entra ID (Azure Active Directory) Microsoft Entra Agent ID Microsoft Entra External ID Microsoft Entra ID Governance Microsoft Entra ID Protection Microsoft Entra Internet Access Microsoft Entra Private Access Microsoft Entra Permissions Management Microsoft Entra Verified ID Microsoft Entra Workload ID Microsoft Entra Domain Services Azure Key Vault Microsoft Sentinel Microsoft Defender for Cloud Microsoft Defender XDR Microsoft Defender for Endpoint Microsoft Defender for Office 365 Microsoft Defender for Identity Microsoft Defender for Cloud Apps Microsoft Security Exposure Management Microsoft Defender Vulnerability Management Microsoft Defender Threat Intelligence Microsoft Defender Suite for Business Premium Microsoft Defender for Cloud Microsoft Defender Cloud Security Posture Mgmt Microsoft Defender External Attack Surface Management Azure Firewall Azure Web App Firewall Azure DDoS Protection GitHub Advanced Security Microsoft Defender for Endpoint Microsoft Defender XDR Microsoft Defender for Business Microsoft Intune core capabilities Microsoft Defender for IoT Microsoft Defender Vulnerability Management Microsoft Intune Advanced Analytics Microsoft Intune Endpoint Privilege Management Microsoft Intune Enterprise Application Management Microsoft Intune Remote Help Microsoft Cloud PKI Microsoft Purview Communication Compliance Microsoft Purview Compliance Manager Microsoft Purview Data Lifecycle Management Microsoft Purview eDiscovery Microsoft Purview Audit Microsoft Priva Risk Management Microsoft Priva Subject Rights Requests Microsoft Purview Data Governance Microsoft Purview Suite for Business Premium Microsoft Purview data security capabilities Pricing Services Partners Cybersecurity awareness Customer stories Security 101 Product trials How we protect Microsoft Industry recognition Microsoft Security Insider Microsoft Digital Defense Report Security Response Center Microsoft Security Blog Microsoft Security Events Microsoft Tech Community Documentation Technical Content Library Training & certifications Compliance Program for Microsoft Cloud Microsoft Trust Center Security Engineering Portal Service Trust Portal Microsoft Secure Future Initiative Business Solutions Hub Contact Sales Start free trial Microsoft Security Azure Dynamics 365 Microsoft 365 Microsoft Teams Windows 365 Microsoft AI Azure Space Mixed reality Microsoft HoloLens Microsoft Viva Quantum computing Sustainability Education Automotive Financial services Government Healthcare Manufacturing Retail Find a partner Become a partner Partner Network Microsoft Marketplace Marketplace Rewards Software development companies Blog Microsoft Advertising Developer Center Documentation Events Licensing Microsoft Learn Microsoft Research View Sitemap
  • News
  • 3 min read

Windows 10 Creators Update provides next-gen ransomware protection

By , Corporate Vice President, Microsoft Threat Protection

Tags

Content types

Products and services

Topics

Multiple high-profile incidents have demonstrated that ransomware can have catastrophic effects on all of us. From personally losing access to your own digital property, to being impacted because critical infrastructure or health care services are unexpectedly unavailable for extended periods of time, destructive attacks have grown in severity and scale on all platforms – including Mac, Linux, and Windows.

Microsoft recognizes the threat to productivity that brazen modern cybercrime represents and invests significantly in a thoughtful and simple strategy that is proving to be effective as new attacks emerge:

  • We protect by hardening our software and devices; leveraging hardware-based security and exploit mitigations to significantly raise the cost of attack on Windows 10.
  • We recognize that history has demonstrated that highly skilled and well-funded attackers can find unanticipated paths to their objectives. We detect and help prevent against these threats with advanced protection services like Windows Defender Antivirus and Windows Defender Advanced Threat Protection.
  • We enable customers and security experts to respond to threats that may have impacted them with tools like Windows Defender Advanced Threat Protection (Windows Defender ATP). Enterprise security operations personnel must act quickly and confidently with completeness of information to remediate an attack that may have impacted them. To test how Windows Defender ATP can help your organization detect, investigate, and respond to advanced attacks, sign up for a free trial.

This strategy works. No known ransomware works against Windows 10 S — our latest and most hardened operating system. What’s more, no Windows 10 customers were known to be compromised by the recent WannaCrypt (also known as WannaCry) global cyberattack.

Despite the success of Windows 10 in resisting WannaCrypt, we recognize that not every customer is running Windows 10 yet and that social engineering, deceptive software, and out of date systems can fall victim to devastating ransomware attacks. This is why we provide regular software updates and security fixes, even for unsupported versions of Windows in extreme cases, and more importantly, why the Windows 10 Creators Update benefits from new, innovative hardening investments to stop malicious code via features like Kernel Control Flow Guard (kCFG) and Arbitrary Code Guard (ACG) for Edge. These kinds of investments allow us to mitigate specific attacks that have not yet been seen because we are targeting the techniques exploit developers use instead of reacting to specific threats after they emerge.

Windows Defender AV on Windows 10 leverages the power of the cloud and artificial intelligence built on top of the Microsoft Intelligent Security Graph (ISG) to rapidly identify new threats, including ransomware, as they are first seen anywhere around the globe. In Windows 10 Creators Update we significantly enhanced the capability of Windows Defender AV to identify and stop ransomware more accurately and rapidly than ever before – reducing the impact to our customers. Finally, Windows Defender ATP has been updated to include ransomware specific detection capabilities as well as useful remediation actions for security experts who must respond to a ransomware attack on their business.

We provide a deeper level of the technical details on the ransomware specific investments in Windows 10 Creators Update in our new whitepaper Next-gen ransomware protection with Windows 10 Creators Update. The whitepaper is also available in Japanese (日本語).

The paper outlines how Windows 10 Creators Update, combined with the latest version of Windows Defender AV, extensive cloud built with human intelligence, rich machine learning, and next-gen endpoint protection provides the best in-depth protection against ransomware:

A chart describing the different advantages of Windows Defender AV

We are proud of how well Windows 10 has protected our customers from destructive attacks like ransomware. Our strategy of protect, detect, and respond – combined with Windows as a Service – enables us to dramatically increase the cost of attacking Windows 10 with each successive feature update. And our recommended approach is simple:

  • Implement robust software update deployment technologies. If you don’t have Windows Defender ATP already, we encourage you to sign up for a free trial.
  • Educate users on email, browser and social-engineering-based attacks.
  • Ensure antimalware software is up to date.
  • Back up all critical data to the cloud.

We are hard at work this summer developing our next wave of hardening and mitigations, detection, and response capabilities for release this fall.

Robert Lefferts
Director of Program Management, Windows Enterprise and Security

Talk to us

Questions, concerns, or insights on this story? Join discussions at the Microsoft community and Windows Defender Security Intelligence.

Follow us on Twitter @WDSecurity.

Headshot of Rob Lefferts.

Rob Lefferts

Corporate Vice President, Microsoft Threat Protection

See Rob Lefferts posts

Related posts

Get started with Microsoft Security

Protect your people, data, and infrastructure with AI-powered, end-to-end security from Microsoft.

Learn how

Connect with us on social

Surface Pro Surface Laptop Surface Laptop Studio 2 Copilot for organizations Copilot for personal use AI in Windows Explore Microsoft products Windows 11 apps Account profile Download Center Microsoft Store support Returns Order tracking Certified Refurbished Microsoft Store Promise Flexible Payments Microsoft in education Devices for education Microsoft Teams for Education Microsoft 365 Education How to buy for your school Educator training and development Deals for students and parents AI for education
Microsoft AI Microsoft Security Dynamics 365 Microsoft 365 Microsoft Power Platform Microsoft Teams Microsoft 365 Copilot Small Business Azure Microsoft Developer Microsoft Learn Support for AI marketplace apps Microsoft Tech Community Microsoft Marketplace Marketplace Rewards Visual Studio Careers About Microsoft Company news Privacy at Microsoft Investors Diversity and inclusion Accessibility Sustainability
English (United States)
Your Privacy Choices Opt-Out Icon Your Privacy Choices
Consumer Health Privacy Sitemap Contact Microsoft Privacy Manage cookies Terms of use Trademarks Safety & eco Recycling About our ads