Most of the new Windows features we talk about are user-facing, be it a new taskbar gimmick or a return of third-party widgets. But what’s going on behind the scenes can be even more important. In the latest Insider builds of Windows 11, Microsoft has changed a security default that could keep ransomware out of your PC. Why it didn’t do this years ago is anyone’s guess.
Ransomware is a relatively new phenomenon on the internet, and its rise appears to mirror that of cryptocurrency. Ransomware is a specific type of malware designed to encrypt a victim’s files and then charge for the key needed to recover them. Those affected might have to cough up hundreds or thousands of dollars in crypto to get their files back, and it’s not just individuals who are targeted. Large businesses and even hospitals have been compromised with ransomware, and the cost to decrypt data can be much steeper. Game developer CD Projekt Red (CDPR) was hit just last year in the wake of its disastrous Cyberpunk 2077 launch.
In the newest Insider builds (starting with 22528.1000), Windows 11 enables an account lockout policy by default, which limits password guessing against Remote Desktop Protocol (RDP) logins. Dave Weston, Microsoft’s head of OS security, provided some details on Twitter. After 10 incorrect password attempts, the account is locked out of RDP for 10 minutes. After that timer has expired, you get ten more tries.
@windowsinsider Win11 builds now have a DEFAULT account lockout policy to mitigate RDP and other brute force password vectors. This technique is very commonly used in Human Operated Ransomware and other attacks – this control will make brute forcing much harder which is awesome! pic.twitter.com/ZluT1cQQh0
— David Weston (DWIZZZLE) (@dwizzzleMSFT) July 20, 2022
Weston notes that brute forcing RDP credentials is one of the most common ways ransomware operators gain access to systems. There are even groups online that focus on gaining access to systems via RDP, which they can then sell to anyone who wants to execute a ransomware attack.
The lockout settings were already in Windows 11 — and Windows 10, for that matter. However, almost no one turned them on, even in enterprise environments. Soon, account lockout will be enabled by default on all Windows 11 machines. Microsoft will also backport this change to Windows 10 desktop and server. While there might be some small inconvenience for RDP users, it’s a small sacrifice in the name of security. Microsoft already blocks macros in Office documents downloaded from the internet by default, closing off another prime avenue for ransomware attacks.
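Because the lockout settings have been in Windows all along, you can check today whether a machine matches the new default and switch it on yourself. The script below is an added example, not code from the article or from Microsoft; it reads the local policy with `secedit`, compares it against the 10-attempt / 10-minute values described above (the 10-minute reset window is an assumption, since the article only states the attempt count and lockout duration), and can apply them.

```powershell
# Added example (not from the article or from Microsoft): audit the local account
# lockout policy against the 10-attempt / 10-minute default described above and,
# if asked, apply it with secedit. Run from an elevated PowerShell prompt.
$Target = @{ LockoutBadCount = 10; LockoutDuration = 10; ResetLockoutCount = 10 }  # assumed default
function Get-LockoutPolicy {
    # secedit exports local security policy as an INI file; the lockout
    # settings live under [System Access]. Absent keys mean lockout is off.
    $cfg = Join-Path $env:TEMP 'secpol-export.inf'
    secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
    $policy = @{}
    foreach ($line in Get-Content $cfg) {
        if ($line -match '^(LockoutBadCount|LockoutDuration|ResetLockoutCount)\s*=\s*(-?\d+)') {
            $policy[$Matches[1]] = [int]$Matches[2]
        }
    }
    Remove-Item $cfg -ErrorAction SilentlyContinue
    return $policy
}
function Test-LockoutPolicy([hashtable]$Policy) {
    # Returns $true only when all three values match the target.
    $ok = $true
    foreach ($key in $Target.Keys) {
        $have = if ($Policy.ContainsKey($key)) { $Policy[$key] } else { 'unset' }
        if ($have -ne $Target[$key]) { $ok = $false }
        Write-Host ("{0,-18} current={1,-6} target={2}" -f $key, $have, $Target[$key])
    }
    if (-not $Policy['LockoutBadCount']) {
        Write-Host 'LockoutBadCount is 0/unset: unlimited RDP password guesses are allowed.'
    }
    return $ok
}
function Set-LockoutPolicy {
    # Applies the target values through a minimal security template.
    $inf = Join-Path $env:TEMP 'lockout.inf'
    @"
[Version]
signature="`$CHICAGO`$"
Revision=1
[System Access]
LockoutBadCount = $($Target.LockoutBadCount)
LockoutDuration = $($Target.LockoutDuration)
ResetLockoutCount = $($Target.ResetLockoutCount)
"@ | Set-Content $inf -Encoding Unicode
    secedit /configure /db "$env:TEMP\lockout.sdb" /cfg $inf /areas SECURITYPOLICY | Out-Null
    Remove-Item $inf, "$env:TEMP\lockout.sdb" -ErrorAction SilentlyContinue
}
if (-not (Test-LockoutPolicy (Get-LockoutPolicy))) {
    Write-Host 'Policy differs from the new default; run Set-LockoutPolicy to apply it.'
}
```

On a domain-joined machine the domain's Group Policy account lockout settings override the local values, so run the audit against the effective domain policy instead. Once lockout is on, failed logons and lockouts show up in the Security event log as event IDs 4625 and 4740, which is where a defender would watch for RDP brute-force attempts.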
Microsoft hasn’t said how it will deploy the change to Windows 10 and 11, but it will most likely arrive in a low-key security update rather than a major feature update.