Ransomware is one of the worst types of malware that can affect a computer: it encrypts the computer's files and demands payment from the victim in exchange for the decryption key, which may or may not work. Today's computer viruses are no longer created just to ruin the victim's computer; they are much more subtle, often remain invisible, and are designed to obtain tangible advantages such as money or private information. Ransomware is designed to lock the computer from the outside and demand a real ransom in real money (in cryptocurrency), to be sent to the person who created the virus. Usually, ransomware encrypts files to prevent them from being viewed, but there have also been cases of more malicious malware that simply deletes the files in the victim's document folder or deletes the backups, making file recovery impossible.
Since this is a very dangerous type of virus, it is good news that Microsoft has added ransomware protection to Windows Defender on Windows 10, although it is disabled by default. It is an important security measure, but when you activate anti-ransomware protection, whether the one included in Windows Defender or any other, some legitimate programs may be restricted as false positives, and some configuration work will be needed.
However, because the effects of this virus are permanent, the only real defense is prevention, avoiding any possibility of being infected. My advice is therefore to enable ransomware protection in Windows 10 anyway (not least because it is free and no new program needs to be installed) and then configure it so that safe programs are not restricted. After activation, you can always deactivate ransomware protection at any time if it blocks necessary operations.
Also take into account that having an updated and reliable antivirus may not be enough to protect yourself from ransomware, which can infect a PC with just one click in the wrong place, especially since the authors of these viruses use deception to lead users into error.
How to enable ransomware protection in Windows Defender on Windows 10 PC
Ransomware protection in Windows Defender protects important folders on the computer from changes made by programs and also provides protection against malware. To enable it, follow this procedure:
- Open the Start menu, click the Settings button (gear icon) and then go to the Update & Security section.
- In the left pane, click Windows Security and then Virus & threat protection.
- Scroll down to the Ransomware protection section and click Manage ransomware protection.
- On the screen that appears, turn on the Controlled folder access option.
- In the next pop-up, you will be asked for permission to make changes to your PC. Press Yes to proceed.
Controlled folder access protects a set of default folders, which are the most important ones: Documents, Pictures, Videos, Music, Desktop and Favorites. You can also extend protection to additional folders by clicking the Protected folders link and then "Add a protected folder".
Once the Windows Defender Ransomware protection is correctly configured, the function will start to monitor and block apps and programs that access protected folders and protected files saved inside them.
As mentioned above, some programs that create files in protected folders may be blocked by Windows Defender even if they are fully legitimate. You will then have to use the option that creates exceptions for some programs.
Still in Settings > Update & Security > Windows Security > Virus & threat protection > Ransomware protection, click the link Allow an app through Controlled folder access. Then find the program you want to authorize to use these folders and add it to the list of allowed apps. You can repeat this for all the programs and apps you are sure of. Take into account, for example, that if you try to save a new image in the Pictures folder while it is protected by ransomware protection, the action will be prevented and you will need to authorize the program you use to save the file in that folder.
On the Ransomware protection configuration screen, you can click the Block history link to see the programs that Windows Defender has blocked from accessing files. If you see names of programs that are unknown or that should not have access to that folder, you can then remove that program.
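The same configuration can be applied and reviewed from an elevated PowerShell session with the Defender cmdlets. This is an added example, not part of the original article; the folder and program paths are hypothetical placeholders, and the event data field names 'Process Name' and 'Path' are an assumption about how the log entries are laid out.

```powershell
#Requires -RunAsAdministrator
# Added example. $ExtraFolder and $TrustedApp are hypothetical placeholders.
$ExtraFolder = 'D:\Projects'
$TrustedApp  = 'C:\Program Files\ExampleEditor\editor.exe'

# 1. Turn on Controlled folder access. 'Enabled' blocks; 'AuditMode' only
#    logs what would have been blocked, which helps find false positives.
Set-MpPreference -EnableControlledFolderAccess Enabled

# 2. Add a protected folder and 3. allow a trusted program, skipping
#    entries that are already configured (comparison is case-insensitive).
$pref = Get-MpPreference
if ($pref.ControlledFolderAccessProtectedFolders -notcontains $ExtraFolder) {
    Add-MpPreference -ControlledFolderAccessProtectedFolders $ExtraFolder
}
if ($pref.ControlledFolderAccessAllowedApplications -notcontains $TrustedApp) {
    Add-MpPreference -ControlledFolderAccessAllowedApplications $TrustedApp
}

# 4. Block history for the last 7 days.
#    Event 1123 = access blocked, 1124 = audited (would have been blocked).
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1123, 1124
    StartTime = (Get-Date).AddDays(-7)
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Collect the event's named data fields into a lookup table.
        # Assumption: the fields are named 'Process Name' and 'Path'.
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
            if ($d.Name) { $data[$d.Name] = $d.'#text' }
        }
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Mode    = if ($_.Id -eq 1123) { 'Blocked' } else { 'Audited' }
            Process = $data['Process Name']
            Target  = $data['Path']
        }
    } |
    Sort-Object Time -Descending |
    Format-Table -AutoSize
```

A legitimate program that shows up repeatedly in this list is a candidate for the allowed apps list; an unknown one is worth investigating before anything is allowed.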
Finally, note that Windows 10 uses the OneDrive folder to create a secure backup copy of the protected folders, so you can recover everything even if your PC is infected with ransomware.
Prevention against Ransomware
Of course, to avoid getting hit by ransomware, you need to protect your PC from viruses adequately. Other important recommendations and solutions to be adopted are the following.
Anti-Exploit
In Windows 10, as explained in another article, it is also possible to enable exploit protection in Windows Defender, which means being protected from unknown threats.
Keep User Account Control active
User Account Control, also known as UAC, is the Windows function that blocks the execution of files until the user intervenes to confirm it. It is the prompt asking whether to allow an app to make changes to the system, which appears when you run a new program or file. By turning off UAC you lose control over any malware that tries to run automatically on your computer. Keeping it active, on the other hand, can nip in the bud any action by dangerous or unrecognized files.
Always have a backup
This is fundamental if you want to avoid tears after a ransom virus. If all the computer's files have been saved in a backup copy on another hard disk, it does not matter that malware locks them on the computer. Once the virus is removed and the encrypted files are deleted, they can be restored from the backup.
Another article covers the important folders and files to save on a Windows PC, and another updated guide covers the best free programs for making automatic backups.
Other anti-ransomware programs
The protection in Windows Defender is very effective, but if you want an external program, I can advise you to install one of the best anti-ransomware tools against ransom or crypto viruses.
Ransomware Protector
One of the best, and free for personal use, is Ransomware Protector, which guarantees rigorous security for PC data with its dual encryption methodology. It's basically a powerful backup tool that keeps all your data safe and sound. So if the system is hit by any kind of cyber attack, the data will still be stored on a secure cloud server.
HitmanPro Alert
A very good program among these is HitmanPro Alert, free for 30 days only, which in version 3 also includes one of the most accurate malware removal tools.
HitmanPro Alert guarantees that every site visited for online shopping, banking or other activities involving sensitive data is legitimate, genuine and secure, and that information is encrypted.
Some malware and Trojans are so well designed that they compromise and manipulate transactions and steal account credentials. These Trojans are very difficult to detect, even with an updated antivirus, because attackers use effective obfuscation and concealment techniques to evade detection in the first few days of dissemination. In practice, a new Trojan can be difficult to intercept and block in its first 24 hours of life, which can be enough for hackers to infect tens of thousands of computers and steal money from hundreds of victims.
HitmanPro Alert proactively protects against these threats by detecting changes in the browser or system. It also includes a feature called Cryptoguard, which does not attempt to detect malware based on its static properties but based on its behavior.
If suspicious behavior is detected, the virus is immediately blocked and the malware is neutralized, without the need for any user intervention. No file will then be encrypted and taken hostage. With its vaccination functions and Cryptoguard active, HitmanPro Alert works silently in the background at the file system level and takes up just 2 MB of memory.
Ransomware removal
Removing ransomware is a relatively elaborate and difficult procedure, but in some cases it is possible, as explained in the article on removing virus programs that take files hostage.