Ransomware is a serious threat that locks down your device and blocks you from accessing your data until you pay your attacker. This critical security feature in Windows Defender comes disabled by default. Turn this feature on NOW!
Why You Need Ransomware Protection
The U.S. Department of Homeland Security just released a CISA advisory after a Gas Pipeline Facility was hit with RansomWare. The advisory comes in response to a cyberattack targeting an unnamed natural gas compression facility that employed spear-phishing to deliver ransomware to the company’s internal network, encrypting critical data and knocking servers out of operation for almost two days.
How Ransomware Can Attack
“A cyber threat actor used a spear-phishing link to obtain initial access to the organization’s information technology network before pivoting to its operational technology network. The threat actor then deployed commodity ransomware to encrypt data for impact on both networks,” CISA stated.
It is a clear indication that phishing attacks continue to be an effective means to bypass security barriers and that hackers don’t always need to exploit security vulnerabilities to breach organizations.
I wrote a quick post on LinkedIn to advise people to turn on ransomware protection after a Tesla part maker (Visser Precision) was also just hit with ransomware. I have had many inquiries on more details on how to protect personal Windows workstations from Ransomware.
Don’t Become a Target
If you work in Education you are especially vulnerable. In April of 2020, the education space experienced over 4.2 million malware infections, which makes up nearly 65 percent of the 6.5 million attacked devices, according to Microsoft.
How to Turn ON Ransomware Protection
Most people are unaware that a crucial security feature in Windows Defender comes disabled by default and that is the Ransomware Protection feature. Ransomware Protection was added way back in the October 2017 Windows 10 update. To turn this feature on, simply:
- Open the Start Menu, then click the Settings icon.
- In the Settings menu, go to Update & Security > Windows Security > Virus & Threat Protection.
- Scroll down to Ransomware Protection and click “Manage Ransomware Protection.”
- In the next menu, enable “Controlled Folder Access.”
- Controlled Folder Access only protects certain folders by default: Documents, Pictures, Videos, Music, Desktop, Favorites. You can extend the Ransomware Protection to other files and folders by clicking “Add a protected folder” in that same window.
- Navigate to the folder you wish to add to the ransomware protection. Repeat for each folder you want to have protected.
Approve Applications to Access your Data
Now that you’ve set up Controlled Folder Access, Windows will monitor any programs that are accessing any files in the protected folders. Windows will block suspicious programs from trying to gain access. While this gives you some peace of mind, the problem is that not all “suspicious” programs are actually malicious. To avoid false positives, you can create a “whitelist” for Controlled Folder Access.
- Open the Start Menu and click the settings icon.
- Go to Update & Security > Windows Security > Virus & Threat Protection > Manage Ransomware Protection.
- Scroll down and click “Allow an app through controlled folder access,” then find and add the desired program to the list. You’ll have to repeat this process for each app you want to grant access to.
- You can also click “Block history” to view a list of programs that Windows Defender has prevented from accessing your protected files. If you don’t recognize a listed program or aren’t sure why one would be trying to access your files, uninstall it.
Anti-Ransomware Strategies
Ransomware goes after files stored in common locations like the desktop and the Documents folder. You need to ensure all areas (folders/directories) on your computer are included in your “Controlled Folder Access”. Windows Defender antivirus tool foils ransomware attacks by denying unauthorized access to these locations. On any access attempt by an unknown program to a “controlled folder access” location and the user will be asked whether to allow access. If that notification comes out of the blue, not from anything you did yourself, block it!
Your #1 protection against Ransomware will always be Backups. Even with the ransomware protection from Windows Defender, you should also make sure you’re regularly backing up your files (so you don’t get locked out of anything important if ransomware strikes).
What to do if you encounter Ransomware
If you (or a client does) get hit with ransomware, you need to identify which version of ransomware you are dealing with. The primary tool for this is the ID Ransomware site. Just a fantastic team put this site together and it will review a sample encrypted file and see if it can be decrypted.
Do not pay the ransom. It only encourages and funds these attackers. Even if the ransom is paid, there is no guarantee that you will be able to regain access to your files.
When dealing with ransomware, you need to decrypt your files, use your backups, pay the ransomware, or lose your data.
Charles Duncan is a Veteran IT Consultant with a Bachelor of Science Degree in Computer Science. Charles founded Crown Computing Incorporated and managed Micro Services for York University. Charles has extensive experience with Linux, Apple, and Windows Operating Systems. Extensive “hands-on” Hardware, and Networking experience. Charles is Microsoft (MCSE), Azure, and Cisco (CCNA) certified. Connect with Charles on LinkedIn and Facebook.