by easterncalculus 1845 days ago
>These ransomware attacks are so devastating in no small part due to decisions Microsoft made many years ago.

This is true for almost all types of malware these days, especially when it comes to privilege separation/escalation attacks. All of your observations about segmentation/AD are true here.

As for ransomware specifically, a lot can be done to stop most ransomware, especially small-time stuff. Unlike most malware, ransomware is intentionally loud, and performs the same generic actions of enumerating and encrypting files, which makes detecting and stopping most samples with heuristics much more effective than a lot of people would admit: https://www.youtube.com/watch?v=3pH13DxClag

A lot has happened with ransomware in the past five years, but a lot really hasn't - this stuff still works, and would have an effect against the big RaaS strains that people are talking about today.
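
A behavioural heuristic of the kind the comment describes, sketched as an added example that is not part of the comment or the linked talk: it flags a process that writes high-entropy data to many distinct files within a short window. The event tuple format, the thresholds and the sample events are assumptions constructed for illustration; pairing entropy with a burst count is what keeps a single compressed archive from raising an alert.

```python
import math
import random
from collections import Counter, defaultdict, deque

# Assumed thresholds for illustration; tune against real telemetry.
ENTROPY_MIN = 7.5   # bits per byte; encrypted output sits near 8.0
BURST_FILES = 5     # distinct files rewritten ...
WINDOW_SECS = 10.0  # ... within this sliding window

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a buffer in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def detect(events):
    """events: (ts, pid, path, written_bytes) tuples in time order.
    Returns {pid: timestamp of the first alert for that process}."""
    recent = defaultdict(deque)  # pid -> recent high-entropy writes
    alerts = {}
    for ts, pid, path, data in events:
        if pid in alerts or shannon_entropy(data) < ENTROPY_MIN:
            continue
        q = recent[pid]
        q.append((ts, path))
        while ts - q[0][0] > WINDOW_SECS:   # drop writes outside the window
            q.popleft()
        if len({p for _, p in q}) >= BURST_FILES:
            alerts[pid] = ts
    return alerts

def pseudo_random_bytes(seed, n=4096):
    """Deterministic stand-in for encrypted or compressed content."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))

TEXT = b"quarterly report draft\n" * 200  # low-entropy document content

# Constructed events: 100 = backup tool, 200 = editor,
# 300 = burst of encrypted rewrites, 400 = slow trickle of image writes.
SAMPLE_EVENTS = (
    [(0.0, 100, "/backup/full.tar.gz", pseudo_random_bytes(1))]
    + [(1.0 + i, 200, f"/home/u/notes{i}.txt", TEXT) for i in range(6)]
    + [(20.0 + 0.5 * i, 300, f"/home/u/doc{i}.docx", pseudo_random_bytes(10 + i)) for i in range(6)]
    + [(30.0 + 25 * i, 400, f"/srv/img{i}.jpg", pseudo_random_bytes(50 + i)) for i in range(5)]
)

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```
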