When we browse the Internet we face many dangers, including viruses, Trojans, computer worms, ransomware and other types of malware. Cybercriminals are always looking for new ways to make a profit, and one of their favorites lately is ransomware: the victims' files are encrypted and a ransom is then demanded for them. That is why Microsoft is working on a solution to this type of attack. In this article, we look at how Microsoft Defender has added adaptive AI-powered protection against ransomware.
Microsoft continues to be strong in security and has introduced an AI-powered ransomware attack detection system for Microsoft Defender for Endpoint customers that complements existing cloud protection by assessing risks and blocking cybercriminals at the perimeter.
Human-operated ransomware attacks are characterized by a specific set of methods and behaviors. Cybercriminals use predictable methods to gain access to a device, but occasionally they rely on hands-on-keyboard activity to move within a network. Microsoft Defender adds AI protection that uses a data-driven artificial intelligence approach to detect these types of attacks.
How Microsoft Defender adds AI protection
The feature that has proven effective against ransomware attacks is adaptive protection powered by AI. The following example shows how adaptive protection works:
Attackers typically penetrate the target system by installing a malware binary that provides remote access to the computer.
Because Microsoft Defender adds AI protection with its adaptive protection system, unusual behavior can be detected. Before this file appeared on the device, suspicious behaviors such as system code injection and task scheduling were observed. Signals like these, and some others, were weighed by the AI-powered adaptive protection, which predicted that the device was at risk. To increase protection, the aggressiveness of cloud blocking was therefore raised. As a consequence of this increase, Microsoft Defender Antivirus detected and blocked this file.
The detected file was a Cridex variant, which is commonly used for credential theft and data exfiltration. These types of behaviors are also performed during a ransomware attack. In this regard, it may be worth improving Windows Defender security through its settings.
Machine learning and ransomware attacks
Microsoft Defender adds AI protection through its machine learning and adaptive protection in the cloud.
For this to work well, the first step is to predict whether the device is at risk. A small number of suspicious indicators in isolation is not usually interpreted as a malicious attack. However, when they are seen as a sequence over time, AI-powered protection can evaluate the state of the device at the moment each signal arrives and adjust the risk score immediately.
The next step is to adjust the aggressiveness of cloud blocking automatically. Depending on the risk score, some processes or files that would not immediately be considered malicious may also be blocked to protect the device. At any time, we may also want to remove malware with Windows Defender.
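The two steps described above can be sketched in a few lines. This is an added illustration, not Microsoft's model or code: the signal weights, the one-hour decay and the blocking thresholds are all assumptions chosen to show how a sequence of weak signals raises a device's risk score and lowers the confidence needed to block a borderline file.

```python
# Constructed weights and thresholds for illustration only; these are
# assumptions, not values used by Microsoft Defender.
SIGNAL_WEIGHTS = {
    "network_enumeration": 0.15,
    "task_scheduling": 0.25,
    "code_injection": 0.40,
}
HALF_LIFE_S = 3600.0  # assumed: a signal's contribution halves every hour

# (risk-score floor, file-verdict confidence needed to block), highest first
BLOCK_LEVELS = [(0.6, 0.50), (0.3, 0.70), (0.0, 0.90)]


class DeviceRisk:
    """Running risk score for one device, updated as each signal arrives."""

    def __init__(self):
        self.score = 0.0
        self.last_ts = None

    def observe(self, ts, signal):
        # Decay the previous score by elapsed time, then add the new signal.
        if self.last_ts is not None:
            self.score *= 0.5 ** ((ts - self.last_ts) / HALF_LIFE_S)
        self.last_ts = ts
        self.score = min(1.0, self.score + SIGNAL_WEIGHTS.get(signal, 0.0))
        return self.score

    def block_threshold(self):
        # Higher risk selects a lower threshold, i.e. more aggressive blocking.
        return next(t for floor, t in BLOCK_LEVELS if self.score >= floor)

    def should_block(self, file_confidence):
        return file_confidence >= self.block_threshold()


def replay(events, file_confidence):
    """Replay (timestamp_seconds, signal) events, then judge one file."""
    device = DeviceRisk()
    for ts, signal in events:
        device.observe(ts, signal)
    return round(device.score, 3), device.should_block(file_confidence)


# Constructed sample data.
ISOLATED = [(0, "network_enumeration")]
SEQUENCE = [(0, "network_enumeration"), (300, "code_injection"),
            (600, "task_scheduling")]
SPREAD_OUT = [(ts * 288, sig) for ts, sig in SEQUENCE]  # same signals, days apart
BORDERLINE_FILE = 0.65  # assumed classifier confidence that the file is malicious
```

Calling `replay(SEQUENCE, BORDERLINE_FILE)` blocks the file, while the same file is allowed after `ISOLATED` or `SPREAD_OUT`, where the signals do not accumulate.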
Microsoft Defender adds AI protection with its cloud machine learning against human-operated ransomware. To do this, it performs a series of tasks:
- Detects and blocks the abuse of legitimate processes or files. For example, network enumeration is benign behavior, but if observed on a device that may be compromised, the likelihood that cybercriminals are performing reconnaissance activities can be high. At that point adaptive protection can intelligently block that behavior.
- Detects and blocks ransomware loaders. These are tools or basic malware normally used in an initial or intermediate stage of a ransomware attack.
- Detects ransomware payloads. AI-powered adaptive protection automatically switches to the most aggressive mode and blocks actual ransomware payloads. This prevents files and data from being encrypted and a ransom from being demanded from us.
In short, Microsoft Defender adds AI protection with its adaptive machine learning in the cloud to defend against ransomware.