On Windows 7, Windows AppLocker and antimalware solutions like Microsoft Security Essentials and System Center Endpoint Protection (SCEP) can block the infection process.
However, because WannaCry used an exploit to spread and infect devices, networks with vulnerable Windows 7 devices fell victim.
More importantly, during the Bad Rabbit outbreak, detonation-based machine learning models in the Windows Defender AV cloud protection service, with no human intervention, correctly classified the malware 14 minutes after the very first encounter.
These detonation-based ML models are part of several layers of machine learning and artificial intelligence technologies that evaluate files in order to reach a verdict on suspected malware.
Credential Guard can prevent Petya from stealing credentials from the Local Security Authority Subsystem Service (LSASS), helping curb the ransomware’s propagation technique.
Meanwhile, Windows Defender System Guard (Secure Boot) can stop the MBR modified by Petya from being loaded at boot time, preventing the ransomware from causing damage to the master file table (MFT).
The multiple layers of next-generation security technologies on Windows 10 are designed to disrupt the attack methods that we have previously seen in highly specialized malware but now also see in ransomware.
Windows 10 was not at risk from the WannaCry attack.
From June to November, Windows 7 devices were 3.4 times more likely to encounter ransomware compared to Windows 10 devices.
[Figure: Ransomware encounter rates on Windows 7 and Windows 10 devices.]
Encounter rate refers to the percentage of computers running the OS version with Microsoft real-time security that blocked or detected ransomware.
In October, another sophisticated ransomware reared its ugly head: Bad Rabbit ransomware (Ransom:Win32/Tibbar.A) infected devices by posing as an Adobe Flash installer available for download on compromised websites.