Ransomware & Windows 10

Posted on by

Are you a Windows 10 user? Worried about ransomware?

Recently, I have received many questions about protection from ransomware from clients. There are a couple of methods that I recommend.

  1. Free and effective: Since the release of Windows 10, Microsoft has provided its customers with Windows Defender. They have continually improved on Defender over the years and has moved Defender to a newer security suite appropriately named “Security Center”. Security Center contains several security enhancements to Windows 10 one of which is Ransomware Protection. This has two components “Controlled folder access” and “Ransomware data recovery”. The latter being files that are contained in OneDrive. The theory of using OneDrive is that if you are attacked by ransomware it will create another version of your file(s) in OneDrive and using the versioning feature you can then roll back your files.
  2. Another process is using an Antivirus program that is paid for. On my personal and DataStream computers I use a very reasonable product called Bitdefender. I will agree with many antivirus reviewers that Bitdefender is one of the best. Within this product is a feature called “Ransomware Remediation”. Bitdefender claims: “Ransomware is highly adaptable to avoid interception, even for small periods of time. Ransomware remediation reverses any damage done by ransomware by automatically restoring encrypted files so even the newest ransomware attacks can’t compromise your files”.

If you choose to use purchase and install another antivirus program it disables some of the features pertaining to Defender antivirus and since the “Controlled folder access” relies on Defender’s real time monitoring this feature will be disabled. Although you can perform periodic virus scanning with Defender.

In the enterprise that I work on, the same Defender is used that you would use on a home version of Windows 10. Although, it is called Advanced Threat Protection and is used in conjunction with System Center Configuration Manager (SCCM) and I push “Controlled folder access” settings through Group Policy Objects (GPO) through Active Directory (AD).

Enabling Ransomware Protection in Windows 10.

  1. Open “Updates & Security”. You can do by right clicking on the start menu (Windows Flag lower right hand corner) then left clicking on settings, press the Windows key and X at the same time then click on settings or, click on the notifications icon (lower right hand corner) and then click on “All Settings”.

    Once in settings click on “Updates & Security”.

  2. Click on “Windows Security” in the left column.
  3. Click on “Virus & threat protection”
  4. Scroll to the bottom of the window to “Ransomware protection” and click on “Manage ransomware protection”.
  5. Under “Controlled folder access” set the slider to the right so that it indicates that it is on.
  6. After you set “Controlled folder access” to on and you have programs or apps that do not work correctly you may add them to the exclusion list just below the slider.

If you cannot move the “Controlled folder access” slider to on you may have another antivirus program running that is disabling Defenders Real-time protection.

Thanks, and if you have questions or, want to know about something please feel free to ask. If we don’t know the answer we will research it and get back to you.