Summary
- Microsoft Defender disrupted a human operated ransomware incident targeting a large educational institution with more than a couple of thousand devices.
- The attacker attempted to weaponize Group Policy Objects (GPOs) to tamper with security controls and distribute ransomware via scheduled tasks.
- Defender’s predictive shielding detected the attack before ransomware was deployed and pr...
