Microsoft boasts that "no known ransomware works against" Windows 10 S, its locked-down and hardened operating system announced in May.
The company made the bold claim in announcing the release of a white paper that details the Windows 10 Creators Update's next-generation protections against ransomware, which also offers an updated snapshot of "ransomware encounters" it detects on Windows machines worldwide.
Throughout 2016 ransomware encounters were steadily declining from a peak in August, but they started climbing again in February 2017 and doubled in number by April.
It removes the risk posed by some older Win32 apps, and offers a unified update mechanism for all applications it's allowed to run. It also features many of the enterprise security features of Windows 10 Pro to help IT departments manage fleets.
Microsoft's Windows 10 Creators Update white paper notes the sizable decline in drive-by downloads or exploit kits to infect machines with ransomware. Email continues to remain popular, while WannaCry and other ransomware families, such as Spora, are exploring the network to spread infections.
Microsoft breaks down Windows 10 defenses into three categories, including protections off the machine, as well as pre-breach and post-breach on machine defenses.
Off-machine security include features such as Office 365's URL detonation service and Edge browser's reputation-based download blocker.
Pre-breach on-machine defenses include Windows Defender, Device Guard, and the Antimalware Scan Interface. Its enterprise-focused post-breach tools include the Windows Defender AV behavioral engine, and Windows Defender ATP, which offer security operations a range of tools to identify, block and isolate malware before it becomes a major outbreak.