Scared of ransomware attacks? Try Windows 10's built-in 'Ransomware protection' feature

Polycount

Staff
Ransomware threats: The threat of ransomware continues to grow across the globe. Malicious actors have used these data-encrypting hacks to extort money from hospitals, businesses, and even major natural gas pipelines. The effects can be devastating. Though ordinary consumers are not usually considered juicy targets for hackers (with some exceptions), it's still helpful to insulate yourself from these attacks as best you can. But how?

There are the obvious methods, of course: back up your data to offline, local drives regularly, keep important files in more than one secure location, and avoid downloading suspicious media or opening fishy emails (and somehow avoid sharing a network with people that do, I suppose). The usual data security 101 steps.

If those steps are impractical, impossible, or simply not helpful for you (perhaps you've already done them), you might have another option. As noted by Forbes, Windows 10 has a built-in "Ransomware protection feature," available to any users with a reasonably up-to-date version of the OS.

This feature has existed for a while, but it seems to have mostly flown under everyone's radar. I've spotted the option in the past whilst digging through my Windows 10 settings menus (mostly to disable telemetry), but I never thought much of it until now.

So, what is Ransomware protection, and how does it work? To answer the former, we just need to look at the name: it's a Windows Security feature that seeks to help users protect themselves against ransomware attacks (and, in some cases, recover their data post-attack).

As for how it works, Microsoft offers something called "Controlled folder access," which lets you designate specific folders that only "trusted apps" may access. The tech giant says this prevents the contents of the folders from being changed or, more notably, encrypted by any malware, ransomware included.

If you want an easy set-it-and-forget-it option, just flip the controlled folder access toggle and leave it be. By default, only "key folders" (such as Pictures and Documents) will be protected, but you can add additional ones or alter the defaults at will.

If you want to test that the feature is working as intended, try using a few third-party apps to, say, edit some images from your Pictures folder. Ideally, you'll get an error message and a security event notification from Windows.

If you fully trust the security of a specific app, you can allow it to bypass this protection by making it an "allowed app." This can be done through either the security notifications mentioned before or through the Ransomware protection page. In either case, your allowed apps will be able to access all of your files normally. As Microsoft warns, only grant this permission to apps you've personally vetted since you never know when a piece of software could get compromised (and thus compromise all your downstream data).

What about the poor souls that have already been hit by ransomware? Does Microsoft offer any relief for them? Well, sort of. If you're a OneDrive user who regularly backs up your data, then the answer is yes. OneDrive, Microsoft says, features "built-in ransomware detection and recovery tools" (assuming you've linked it to your Windows machine). You can learn more about that tech and how to use it right here.

For everyone else: good luck.

Hopefully, this little PSA has been helpful for at least a few of you. If you decide to use Controlled folder access, be sure to drop a comment below and let us know how you get on. Also, feel free to chime in if you can think of any other methods to protect your data from this sort of attack.

Masthead credit: vchal


 
When I first read this, I thought that this could offer a 'miner's canary' which would report on malign efforts to damage files - possibly by 'protecting' several honey pot folders. Further reading led me to discover that there are no alerts. Then learned a number of default system folders are 'protected' and this cannot be modified.

Too bad. Almost useful.
 
I use third-party software that guards against ransomware attacks. 👍👍👍👍👍👍
As yet I have had no attacks, but you never know when it may or may not happen, so forewarned is forearmed.
I have had people/*****s try, but I get an alert and they swiftly move on to the next victim.
.🤬🤬🤬🤬🤬
No I'm not telling you the software company😊 😊 😊 😊 😊
 
It took a long time for this knowledge to come out, yet some people never miss a chance to report that 3 people at the North Pole had their printers quit after a Windows update.
 
While it may seem good it’s not advisable if you do gaming or use any Apps which want to change things in the folder.

I have had Games not load and crash when it comes to updates and patches.

Malwarebytes offers a free Ransomware.

 
I've been using this for months. It has a problem though. It can block an executable from accessing a folder but not inform the user. For a while my WinTV software would show no image. It would get stuck on buffering. It turned out the Controlled Folder Access feature was blocking a TV Server process called 'CaptureGenPCI.exe'. I was trying all sorts of things to fix it, re-installing drivers/software over and over.
 
I've been using this for months. It has a problem though. It can block an executable from accessing a folder but not inform the user. For a while my WinTV software would show no image. It would get stuck on buffering. It turned out the Controlled Folder Access feature was blocking a TV Server process called 'CaptureGenPCI.exe'. I was trying all sorts of things to fix it, re-installing drivers/software over and over.
If you know the application already, you can whitelist applications directly in the settings though.
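
An added PowerShell example (not from the article, Microsoft, or any poster in this thread) for the setup the article describes and the silent blocks reported in the comments above: run Controlled folder access in audit mode first, list which executables trip it, then allow the vetted ones and enforce. The folder and application paths are placeholders, and the `Process Name` and `Path` event field names are assumptions about the event layout.

```powershell
# Added example; run in an elevated PowerShell session with Microsoft Defender Antivirus active.
$ExtraFolder = 'D:\Projects'                         # placeholder: extra folder to protect
$VettedApp   = 'C:\Program Files\Example\app.exe'    # placeholder: program you have vetted

# 1. Audit mode: would-be blocks are logged (event 1124) but nothing is denied yet.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 2. Protect an extra folder on top of the default "key folders".
Add-MpPreference -ControlledFolderAccessProtectedFolders $ExtraFolder

# 3. Collect Controlled folder access events: 1123 = blocked, 1124 = audited.
function Get-CfaEvent {
    param([int]$Days = 7)
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1123, 1124
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Flatten the event's named <Data> fields into a lookup table.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            if ($d.Name) { $data[$d.Name] = $d.'#text' }
        }
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Mode    = if ($_.Id -eq 1123) { 'Blocked' } else { 'Audited' }
            # Field names are assumed; inspect $data.Keys if these come back empty.
            Process = $data['Process Name']
            Target  = $data['Path']
        }
    }
}

# 4. Which executables are tripping the rule, and how often?
Get-CfaEvent | Group-Object Process, Mode | Sort-Object Count -Descending |
    Select-Object Count, Name

# 5. Once a program is vetted, allow it explicitly and switch to enforcement.
#    Left commented out so nothing is allowed before you have reviewed step 4.
# Add-MpPreference -ControlledFolderAccessAllowedApplications $VettedApp
# Set-MpPreference -EnableControlledFolderAccess Enabled

# Current state: 0 = Disabled, 1 = Enabled, 2 = AuditMode.
Get-MpPreference | Select-Object EnableControlledFolderAccess,
    ControlledFolderAccessProtectedFolders, ControlledFolderAccessAllowedApplications
```

Reviewing step 4 after a few days of normal use shows the game updaters, capture services and similar helpers that would otherwise fail without an obvious cause once enforcement is on.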
 
Already protected by Bitdefender, thanks.
Bitdefender only protects data at rest. When the disks are decrypted already, it doesn't help to prevent ransomware from accessing and then overwriting your data. If you can modify the files, the malicious apps carrying over your permission can as well.

This "controlled folder access" seems to be a per-application ACL, which indeed would help. Of course that's assuming there are no zero-day exploits that would enable a malicious app to add itself to the allowed applications without user interaction.
 
Scared of ransomware attacks?

No, of course not
I'm a Real Windows Security Expert

I have been using Windows XP online without any Microsoft security updates and a Full Admin account for 7 years now and have not had a single malware or ransomware problem

I've never had a ransomware problem in Windows XP, and I never will



 
I'm afraid this feature has limited protection. A malware could always inject itself into another process that has rights to those protected folders and encrypt them.
 
I'm afraid this feature has limited protection. A malware could always inject itself into another process that has rights to those protected folders and encrypt them.

Exactly what I wanted to write. That's how viruses (or is it "viri") normally work, they use other processes for camouflage.

I wanna see ransomware infecting World Bank or International Monetary Fund. A billion here, a billion there, and soon we start talking about serious money.
 
I just keep a full backup of my system drive. If anyone tried to ransom it, I would simply format it and put everything back. Eezy-Peezy.
 
Exactly what I wanted to write. That's how viruses (or is it "viri") normally work, they use other processes for camouflage.

I wanna see ransomware infecting World Bank or International Monetary Fund. A billion here, a billion there, and soon we start talking about serious money.

You do know the World Bank or International Monetary Fund are not real banks with a vault and money in them, right?

.
 
You do know the World Bank or International Monetary Fund are not real banks with a vault and money in them, right?

.
Well, there's always the private banks who are real pricks like Wells Fargo and Chase. It would work pretty well there. Hell, Wall Street in general would be a great target in that respect.
 
You do know the World Bank or International Monetary Fund are not real banks with a vault and money in them, right?

.

Who keeps their money in vaults nowadays? There's no gold standard anymore, everything is virtual, and cash is just a minuscule fraction of the total money supply. Those two entities control an enormous amount of virtual money, but it can be used to buy real-world products and services.
 
Who keeps their money in vaults nowadays? There's no gold standard anymore, everything is virtual, and cash is just a minuscule fraction of the total money supply. Those two entities control an enormous amount of virtual money, but it can be used to buy real-world products and services.
OK, so what's there to steal by hackers?? Enlighten us, statistics??

Again, you really have a baseless argument.
 
OK, so what's there to steal by hackers?? Enlighten us, statistics??

Again, you really have a baseless argument.

Code for their system. All the info they have. They could be financing "projects" that don't really exist.
 