Microsoft’s security program, known as Windows Defender, is getting a massive upgrade to protect against ransomware attacks using AI. This AI should be able to use data to detect these ransomware attacks. It is important to know how ransomware works to understand how this AI will upgrade Windows Defender.
How Ransomware Works
Ransomeware work by establishing a backdoor of mean by planting malware deep into the system to provide a hacker with remote access to that system. Ransomware can be spread by downloaded files with malware attached. Something along the lines of stuff like cracked games and nulled programs. Usually using Administrator credentials within the system to hide among other system files. With this access, the hacker can begin encrypting important files. In order to unencrypt these files, the hacker will usually ask for payment via cryptocurrencies.
How Windows Defender’s New AI Can Detect This
This new AI for Windows Defender will be able to detect unusual behavior within your computer. Lots of times these Ransom malware use legitimate commands in Powershell, VBS, or Command Prompt in order to hide and encrypt programs. While these commands themselves aren’t inherently harmful, they can be in the wrong hands. The AI has been said to have the ability to detect hidden commands running on the system, allowing admins to have time to respond to the attack.
The AI component also offers the benefit of being able to evolve over time and keep up with these ever-evolving ransom attacks. While cloud protection is great it usually requires an admin to adjust it manually. The AI by Windows Defender will make it adaptive and not require as much attention. Even if the AI fails, it will for sure make it so much harder on the attacker.