Microsoft Ransomware Protection – Windows 10

Protecting yourself from Ransomware

At a time when it seems that every other week there is a report in the news about an organisation that has been hit by a ransomware attack, it seems unlikely that this form of attack is going to disappear any time soon.

What is Ransomware?

Let’s first look at what a ransomware attack actually entails. According to the Cambridge Dictionary, ransomware is:

software designed by criminals to prevent computer users from getting access to their own computer system or files unless they pay money

https://dictionary.cambridge.org/dictionary/english/ransomware

There are a few ways in which these often start. One is via phishing emails which will contain an attachment that an unsuspecting victim will open. They could also happen when visiting websites that could deploy malicious code to the user’s machine. 

The software that is installed will often lock you out of your folders or files unless you meet the demands of the hackers.

This has major implications for large organisations, where the files could contain sensitive information.

In some cases, the attack will not only affect one machine. It will work its way around the network to other machines that are connected to it. This means it could easily bring down an organisation.

What can we do to protect ourselves?

There are a few steps we can take to reduce our risk of falling for a ransomware attack. A lot of the malicious code is either downloaded or directed by a link in an email. 

The first step for anyone reading an email is to check the sender’s email address. Make sure that it lines up with the person sending the email.

If you’re unsure about an attachment, talking to the original sender can help identify if you were meant to get the email.

Finally, look at the links in emails. A link can have visible text which might be something similar to “Read More” or “http://SomeWebAddress.com”. Hovering over the link will give you the actual destination of the link.

It can be easy to overlook the actual link to a website. This means instead of going to www.google.com the link was for www.googleA.com. It’s a different domain, but at first glance you might just think it’s a link to Google.

I find if I am unsure about the link or site, a quick Google search will often lead me to the page I am after, if it’s a page I should be accessing.
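The hover check described above can also be run over the HTML body of a suspicious email. This is an added example, not part of the original post; the function names and the sample HTML are constructed for illustration.

```powershell
# Added example: compare the host a link *shows* with the host it *goes to*.
function Get-HostFromText {
    param([string]$Text)
    # Pull the first thing that looks like a host name out of the visible text.
    $m = [regex]::Match($Text, '(?i)(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})')
    if ($m.Success) { $m.Groups[1].Value.ToLowerInvariant() } else { $null }
}

function Find-MismatchedLink {
    param([string]$Html)
    # Capture href (group 1) and the visible text (group 2) of each anchor.
    $pattern = '(?is)<a\b[^>]*?href\s*=\s*["'']([^"'']+)["''][^>]*>(.*?)</a>'
    foreach ($a in [regex]::Matches($Html, $pattern)) {
        $href = $a.Groups[1].Value
        $text = ($a.Groups[2].Value -replace '<[^>]+>', '').Trim()
        $uri  = $null
        if (-not [uri]::TryCreate($href, [UriKind]::Absolute, [ref]$uri)) { continue }
        $destHost = $uri.Host.ToLowerInvariant() -replace '^www\.', ''
        $shown = Get-HostFromText $text
        if ($shown) { $shown = $shown -replace '^www\.', '' }
        [pscustomobject]@{
            VisibleText = $text
            Destination = $uri.Host
            # A mismatch only exists when the text itself claims a host.
            Mismatch    = [bool]($shown -and ($shown -ne $destHost))
        }
    }
}

# Constructed sample: a lookalike link, a genuine link, and a "Read More" link.
$sample = @'
<p><a href="http://www.googleA.com/login">www.google.com</a></p>
<p><a href="https://www.google.com/">www.google.com</a></p>
<p><a href="http://www.googleA.com/news">Read More</a></p>
'@

Find-MismatchedLink $sample | Format-Table -AutoSize
```

Only the first link is flagged. The “Read More” link claims no host in its text, so its Destination column still has to be read by eye, which is the same check as hovering.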

What to do if you’ve downloaded Ransomware

What happens when you do click the link? What steps should you be taking to resolve the situation? Paying out a lot of money only enables the hackers to continue.

You will often know you’ve been infected as you will be getting a prompt on how to pay the hackers and you’ll more than likely be unable to access your documents. 

The first step I would take is to remove the machine from the network, hoping that it hasn’t already started to infect the network. 

Where possible, make a backup of the files you’re able to. If nothing is lost, then wipe the machine, get the security set up and ensure everything is up to date. Completing this will hopefully ensure that when it’s connected back to the domain, it’s not going to infect another machine.

According to https://www.actionfraud.police.uk/campaign/ransomaware 

Finally, we can look at the Microsoft Windows Defender ransomware tooling.

Microsoft Windows Ransomware Protection Tools

Windows Ransomware Protection Screen

Within Windows 10 there is now tooling to help protect against ransomware. You can access it by going to Settings and searching for Ransomware Protection.

As you can see, this has a few options. The first thing you’re going to want to do is to enable the tooling under Controlled Folder Access.

This will give us the option to see previously blocked attacks and the folders which Microsoft has defended by default. It also gives us the option to add additional folders to the list.

Most actions will require an Administrator account. If you try to run an application that makes changes to these folders, it’ll no doubt be blocked through these settings, though you are able to change the settings to allow certain applications to run.
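The same Controlled Folder Access settings can be applied and reviewed with the Windows Defender PowerShell cmdlets. This is an added example, not part of the original post; the folder and application paths are placeholders to replace with your own.

```powershell
# Added example; run from an elevated (Administrator) PowerShell session.
# Both paths below are placeholders, not values from the post.
$extraFolder = 'D:\Projects'
$trustedApp  = 'C:\Tools\backup-agent.exe'

# Turn Controlled Folder Access on.
# (AuditMode instead of Enabled logs what would be blocked without blocking it.)
Set-MpPreference -EnableControlledFolderAccess Enabled

# Protect an additional folder on top of the default protected folders.
Add-MpPreference -ControlledFolderAccessProtectedFolders $extraFolder

# Allow one specific application to make changes inside protected folders.
Add-MpPreference -ControlledFolderAccessAllowedApplications $trustedApp

# Confirm what is now configured.
Get-MpPreference |
    Select-Object EnableControlledFolderAccess,
                  ControlledFolderAccessProtectedFolders,
                  ControlledFolderAccessAllowedApplications

# Review recent activity: event ID 1123 = blocked, 1124 = audited.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

Keep the allowed-application list short and use full paths, since every entry is a program permitted to write to the folders you are trying to protect.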

This tooling also prompts you to set up your files to back up to Microsoft OneDrive (other options are available, just not run by this Microsoft tool). Backing up is one of the most important steps that can be taken. If you do lose access to your files in one location, you can at least recover from another source.

This is an easy step to help reduce the need to pay the scammers.

Conclusion

Microsoft has obviously worked hard to try and mitigate the potential issues of Ransomware and the position it holds at the moment. It’s a shame we need an extra step to protect ourselves. 

Our best step is always to question the actions we take daily. Have we backed up our work? Are we sure this email is from who we think it’s from?

Personally, it would be good to have more than just the option from OneDrive to back up. As with the current Windows Defender, it seems to have minimal impact on performance on the machine. Hopefully, they can keep it up to date to try and tackle all new attacks that come in.

Have you dealt with Ransomware personally? How did you handle it? Let us know in the comments below.
