Microsoft could fix ransomware by rate limiting createfile(), the api that’s used to open files. Opening files is a crucial step to encrypting or exfiltrating the data, and very few apps need to open a lot of files at once.
I’ve heard that Microsofts reason for not fixing it is … because user experience shouldn’t change because of windows update… https://wandering.shop/@xgranade/112498285644883431
Adam Shostack :donor: :unverified: /
npub13v…ces5t
2024-05-26 13:26:38
Author Public Key
npub13vv5def92j6rgq06n7y4srcmjvae70x54eanw976467f263raw3qpces5tPublished at
2024-05-26 13:26:38Event JSON
{
"id": "ba9445d2b208a9cc7dbe9d5ea319e2ff8a904ad94a0e5a229bc0779be5a43550",
"pubkey": "8b1946e52554b43401fa9f89580f1b933b9f3cd4ae7b3717daaebc956a23eba2",
"created_at": 1716729998,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.exchange/users/adamshostack/statuses/112507617205399151",
"activitypub"
]
],
"content": "Microsoft could fix ransomware by rate limiting createfile(), the api that’s used to open files. Opening files is a crucial step to encrypting or exfiltrating the data, and very few apps need to open a lot of files at once. \n\nI’ve heard that Microsofts reason for not fixing it is … because user experience shouldn’t change because of windows update… https://wandering.shop/@xgranade/112498285644883431",
"sig": "be10ed7c1cb88e501b209ed514b804883c4718a13158637b869b7986523df21049eaa7868b438811569268c22fefa0161f89862bab68e6b7d2cc9d3ad0175a2e"
}