Windows Defender has been gaining a foothold steadily for the past few years. But there is one flaw in the antivirus that ships with Windows 10.
The option for Ransomware Protection is disabled by default even though it is available as a native option since the release of Windows 10 version 1709.
Initially I was bemused by this, but then I thought it is possible that Windows Defender could identify a legitimate application as a threat and block it, which is not something the user would want.
Quite a few third-party anti-ransomware programs exist and they do suffer from false positive issues as well. Check out our reviews of AppCheck AntiRansomware, Acronis Ransomware Protection, TrendMicro Ransombuster, or our overview of Anti-Ransomware software for Windows to get started.
For those unaware, ransomware is one the deadliest form of malware. It silently encrypts your data (pictures, videos, documents are commonly targeted), thus preventing you from accessing them.
It may even lock the bootloader when you reboot/turn off the computer. The malware displays a screen demanding a ransom from the user which usually involves a crypto-currency payment address that you have to send money to.
There is no guarantee that a payment will provide the unlock key required to regain access to files that the ransomware encrypted while it ran on the system. Ransomware attacks are often accompanied by a timer to add another pressure layer to the ransomware demand. Affected users are asked to pay the amount in time as they won't be able to decrypt their files anymore once the timer runs out.
Decryption tools are available for some ransomware types but these are released after an outbreak usually and not available right from the get-go.
Many companies, hospitals, and users fell victim to ransomware already. You may have heard of the ruckus caused world-wide by the WannaCry ransomware back in 2017, and that is just one example of ransomware causing havoc worldwide.
Besides being very cautious when using the computer, there are only a few options to protect against ransomware attacks. Two of the most effective are backups and security software that protects against ransomware.
1. Open the Windows Security Dashboard by double-clicking on the Defender taskbar icon (or use the Settings app and select Update & Security > Windows Security).
2. Click on Virus & Threat Protection.
3. Scroll down to Ransomware Protection.
4. Click on Manage Ransomware Protection (click Okay on the UAC pop-up if it is displayed).
5. On the next page, you will find a toggle for Controlled Folder Access. Enable the option. That's it.
Most antivirus programs use behavioral scanning to prevent zero-day attacks (new or unidentified malware). In other words, they monitor your computer's services, applications, anything in the background, for suspicious activity. For example, when an otherwise harmless file tries to gain access to your documents folder to execute a script that encrypt the files in it, Windows Defender will stop the malware to protect your data. It's a sort of intrusion prevention or anti-exploit method.
By default, the Ransomware Protection only covers specific folders. To view the ones that are secured, click on the Protected Folders option. It's just the User folders like Documents, Pictures, Videos, Music, Desktop, Favorites by default.
So, what happens if a ransomware targets files in other folders? The files are affected unless the ransomware is quarantined before it starts to encrypt files on the device. Fortunately, there is a way to secure them.
There is an option on the top of the Protected Folders screen, which says "Add a protected folder". Click on it and choose any folder you want and it will be protected by Windows Defender. The folders can be on any partition or hard drive: they will be secured by the feature.
This method is not completely fool-proof but it's better than nothing. You might want to backup your data to an external drive regularly as well. Don't forget to checkout ConfigureDefender for more control.
Usually we ask you to share what programs you use. This time, I want to ask you something else. Have you ever seen a computer affected by ransomware? How was it dealt with?Advertisement
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.