Windows Defender can block Petya & GoldenEye Ransomware on Windows 10

Reading time icon 3 min. read

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

A new wave of ransomware attacks starring Petya and GoldenEye Ransomware has affected thousands of computers worldwide. This attack comes only one month after the massive WannaCry attack.

Unfortunately, this time the creators of Petya and GoldenEye didn’t make the same mistake that WannaCry’s creators had done. The new ransomware features stronger encryption and a worm-like behavior. For this reason, many security specialists labelled Petya and GoldenEye as cyberattacks, rather than ransomware attempts.

Irrespective of the goal behind the recent ransomware wave, one thing is sure: victims cannot recover their files even if they pay the ransom. In other words, if your computer gets infected, avoid paying the ransom by all means. And most importantly, avoid getting infected in the first place.

READ ALSO: Prevent future ransomware attacks with this free tool

Windows Defender blocks Petya & GoldenEye Ransomware

If you want to keep your computer safe from Petya and GoldenEye, make sure that you’ve installed the latest definition updates for Windows Defender.

Windows Defender Advanced Threat Protection is perfectly capable of fully protecting your computer against Petya and GoldenEye attacks, keeping your files safe.

Microsoft explains that:

Windows Defender Advanced Threat Protection is a post-breach solution and offers by-design detections for this attack without need of any signature updates. Windows Defender ATP sensors constantly monitor and collect telemetry from the endpoints and offers machine-learning detections for common lateral movement techniques and tools used by this ransomware, including, for example, the execution of PsExec.exe with different filename, and the creation of the perfc.dat file in remote shares (UNC) paths.

To make sure that you’re running the latest Windows Defender version, you should force updates daily. Updating once a day gives you a good level of protection. At the same time, the antivirus won’t interfere with how you use your PC because you already run the latest definition updates.

Additional ways to protect your PC from ransomware

  • Upgrade to Windows 10 Creators Update: This OS version adds a series of extra-security layers against ransomware attacks. More specifically, Windows Defender uses cloud-based machine learning, deep neural networks, and other advanced automation technologies to verify suspicious files, and block threats instantly.
  • Use Windows 10 S: As a quick reminder, Windows 10 S only run apps from the Windows Store, further protecting users from ransomware.
  • Install the Windows security updates from March: Microsoft rolled out a series of important security updates in March, targeted specifically at protecting users against malware attacks. If you haven’t installed the respective updates yet, do so as soon as possible.
  • If you can’t install the March security updates right now, disable SMBv1 and add a rule on your router or firewall to block incoming SMB traffic on port 445.

As you can see, installing the latest Windows updates is essential to keeping your computer safe from ransomware attacks. If you haven’t checked for updates in quite a while, go to Settings > Update & Security > hit the ‘Check for updates’ button.


More about the topics: Cybersecurity, Ransomware