How to Block Ransomware in Windows 10
By John Bath
We’ve written extensively about ransomware in the past, offering best practices for how users can identify threats and avoid the risks that may result in some unwarranted encryption. The biggest problem with ransomware is that, unlike our traditional conception of malware, little that can be done once files and drives are blocked (other than disconnecting the device from the network and wiping it).
While the methods cyber criminals use to attack are reportedly becoming more and more advanced, so too are the methods used to combat them. A very recent addition to the Windows operating system has been especially effective in protecting data.
Locking Down Your Data
Controlled Folder Access is a feature freshly rolled out in the Fall Creators Update for Windows 10, meaning that it is available for commercial and business users alike. By enabling this extra layer of protection, users can designate folders on their device that they want protected from changes by applications. This means that any file in a protected folder will remain static, unable to be altered in any way. As users may need to edit the files they work with, however, they are also able to select the apps that they trust to access files. For example, Adobe Photoshop would be an app I trust to edit image files with.
With these protections in place, ransomware installed to a device would be unauthorized to access and encrypt files in these protected folders. Currently, this feature will set the Desktop, My Documents, Favorites, Music, Pictures and Videos as protected by default. The user, of course, can set their entire drive to be managed by the service.
Easy Roll OuT for Businesses
For businesses using Windows Enterprise, administrators can turn this feature on for all users by including it in a Group Policy managing accounts. This allows for greater central management of the ways devices are protected, and eliminates the need for each user to manually configure their own device.
But for those that do not have access to central management of their business workstations, or someone who just wants to protect their personal device, here is a quick set of steps to activate it.
How to Enable Controlled Folder Access
Please note that you must be updated to Microsoft’s most recent version of Windows 10, the Fall Creators Update.
To find out if you have it, type Update into the search bar in the left-hand side of the desktop and select the Check for Updates result that comes up. Even if it says that you have the most up to date version of the operating system it is good practice to check anyway.
To enable these protections, users will need to access the Windows Defender Security settings from the same set of settings used to update Windows.
From there, they need to select the Virus & Threat Protection option, and then Virus & Threat Protection settings again within the subsequent page.
This will lead users to a page where they will need to confirm real-time protection settings by checking a box.
This will enable the user to select Controlled Folder Access at the bottom of the section to activate the service and clock through to a dashboard for managing folders. This is the section where users can assign protection to folders as well as whitelist the apps that they trust to access their data.
While Controller Folder Access enables the whitelisting for most apps, it should be noted, however, some applications have not yet been made compatible with the service for whitelisting. Bloomberg, for example, is one such app. Before enabling the feature for large swathes of data, it is important to double check that your favored app is supported with a quick web search.
Overall, Controlled Folder Access stands to pose a serious obstacle to the malicious actors set on compromising a business’ data. With the methods to distribute ransomware changing everyday, outright preventing such unauthorized code from accessing data is a powerful way to stop spread right in its tracks.
If your business is seeking to deploy an antiransomware solution like Windows 10 Enterprise edition, please contact us! It would be our pleasure to help protect your data from today’s threats.