Skip to main content
Skip to main content
Microsoft Security

Windows 10 Creators Update provides next-gen ransomware protection

  • Rob Lefferts Corporate Vice President, Microsoft 365 Security

Multiple high-profile incidents have demonstrated that ransomware can have catastrophic effects on all of us. From personally losing access to your own digital property, to being impacted because critical infrastructure or health care services are unexpectedly unavailable for extended periods of time, destructive attacks have grown in severity and scale on all platforms – including Mac, Linux, and Windows.

The trend towards increasingly sophisticated malware behavior, highlighted by the use of exploits and other attack vectors, makes older platforms so much more susceptible to ransomware attacks. From June to November 2017, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.

Read our latest report: A worthy upgrade: Next-gen security on Windows 10 proves resilient against ransomware outbreaks in 2017

Microsoft recognizes the threat to productivity that brazen modern cybercrime represents and invests significantly in a thoughtful and simple strategy that is proving to be effective as new attacks emerge:

  • We protect by hardening our software and devices; leveraging hardware-based security and exploit mitigations to significantly raise the cost of attack on Windows 10.
  • We recognize that history has demonstrated that highly skilled and well-funded attackers can find unanticipated paths to their objectives. We detect and help prevent against these threats with advanced protection services like Windows Defender Antivirus and Windows Defender Advanced Threat Protection.
  • We enable customers and security experts to respond to threats that may have impacted them with tools like Windows Defender Advanced Threat Protection (Windows Defender ATP). Enterprise security operations personnel must act quickly and confidently with completeness of information to remediate an attack that may have impacted them. To test how Windows Defender ATP can help your organization detect, investigate, and respond to advanced attacks, sign up for a free trial.

This strategy works. No known ransomware works against Windows 10 S — our latest and most hardened operating system. What’s more, no Windows 10 customers were known to be compromised by the recent WannaCrypt (also known as WannaCry) global cyberattack.

Despite the success of Windows 10 in resisting WannaCrypt, we recognize that not every customer is running Windows 10 yet and that social engineering, deceptive software, and out of date systems can fall victim to devastating ransomware attacks. This is why we provide regular software updates and security fixes, even for unsupported versions of Windows in extreme cases, and more importantly, why the Windows 10 Creators Update benefits from new, innovative hardening investments to stop malicious code via features like Kernel Control Flow Guard (kCFG) and Arbitrary Code Guard (ACG) for Edge. These kinds of investments allow us to mitigate specific attacks that have not yet been seen because we are targeting the techniques exploit developers use instead of reacting to specific threats after they emerge.

Windows Defender AV on Windows 10 leverages the power of the cloud and artificial intelligence built on top of the Microsoft Intelligent Security Graph (ISG) to rapidly identify new threats, including ransomware, as they are first seen anywhere around the globe. In Windows 10 Creators Update we significantly enhanced the capability of Windows Defender AV to identify and stop ransomware more accurately and rapidly than ever before – reducing the impact to our customers. Finally, Windows Defender ATP has been updated to include ransomware specific detection capabilities as well as useful remediation actions for security experts who must respond to a ransomware attack on their business.

We provide a deeper level of the technical details on the ransomware specific investments in Windows 10 Creators Update in our new whitepaper Next-gen ransomware protection with Windows 10 Creators Update. The whitepaper is also available in Japanese (日本語).

The paper outlines how Windows 10 Creators Update, combined with the latest version of Windows Defender AV, extensive cloud built with human intelligence, rich machine learning, and next-gen endpoint protection provides the best in-depth protection against ransomware:

We are proud of how well Windows 10 has protected our customers from destructive attacks like ransomware. Our strategy of protect, detect, and respond – combined with Windows as a Service – enables us to dramatically increase the cost of attacking Windows 10 with each successive feature update. And our recommended approach is simple:

  • Implement robust software update deployment technologies. If you don’t have Windows Defender ATP already, we encourage you to sign up for a free trial.
  • Educate users on email, browser and social-engineering-based attacks.
  • Ensure antimalware software is up to date.
  • Back up all critical data to the cloud.

We are hard at work this summer developing our next wave of hardening and mitigations, detection, and response capabilities for release this fall.


Robert Lefferts
Director of Program Management, Windows Enterprise and Security





Talk to us

Questions, concerns, or insights on this story? Join discussions at the Microsoft community and Windows Defender Security Intelligence.

Follow us on Twitter @WDSecurity and Facebook Windows Defender Security Intelligence.