Windows 10 ransomware protection remains the first line of defense for consumers using Windows in 2021.
Ransomware not only denies access to your data but demands a ransom be paid. And criminals are increasingly turning to so-called “double extortion,” where they threaten to expose sensitive user data if a separate ransom isn’t paid.
And the size of payments is on the rise. In 2020, the average cost of ransomware nearly tripled to $312,493 and the ‘highest amount paid’ doubled to $10 million, according to Palo Alto Networks.
Unbeknownst to many consumer users of Windows, Microsoft offers built-in ransomware protection as part of Windows Defender, found under Virus & Threat Protection.
The basics for turning it on aren’t complicated: type “Ransomware Protection” into the Windows 10 Cortana search bar (typically in the lower left of the screen), then go to the “Ransomware Protection” screen.
You’re given the option to select Controlled folder access. Then you have the option to select which folders you want protected.
The State of Windows Defender Ransomware protection — with some surprises
In a YouTube video (at bottom), The PC Security Channel, an organization sponsored by the Ingenuity Lab, University of Nottingham, ran tests earlier this year to demonstrate the level of protection you can expect from Windows Defender.
While the online protection test let only a single ransomware “sample” get through (see 2:20 mark), the offline protection was much dicier (see 7:40 mark), with 10 samples missed.
The PC Security Channel recommends turning on Controlled folder access, as described above.
Microsoft agrees that cloud protection is critical. “Cloud protections are an important part of defending new malware in real-time,” a Microsoft spokesperson told me. “They allow us to continually enhance our anti-malware and other security features built into our platforms to fight the evolving complexity of threats,” the spokesperson said.
Tactics to fend off ransomware
Cybersecurity professionals strongly suggest that you use a cloud-based file hosting service with automatic backup, such as Microsoft’s OneDrive, so you’re regularly backing up files.
Another good defense is a so-called “air gap” strategy where the external storage device is completely disconnected (i.e., offline) from your computer and the internet. Back up your files, then disconnect the storage device.
Another piece of advice is to separate work and personal devices, says Unit 42 of Palo Alto Networks, a cybersecurity firm. While attackers tend to target corporations, schools, and hospitals, “we may see consumers who are working from home and doing their shopping on their work devices get targeted by attackers,” Unit 42 said.
“While Windows Defender has improved considerably over the years, there are several key areas where it is still largely susceptible to attacks, as we have found during our repeated testing on The PC Security Channel,” Leo, who is the founder of the PC Security Channel, told me in an email.
*The goal is to block suspicious software, but if an app that you know is safe gets blocked, Microsoft gives you the option to build a white list. Use Controlled folder access to whitelist apps by going to “allow an app through Controlled folder access.”
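The same steps described above (turning on Controlled folder access, choosing protected folders, and allowing a blocked app you trust) can also be done with the Windows Defender PowerShell cmdlets. This is an added example, not part of the original article or Microsoft's own script; the folder and application paths are placeholders you would replace with your own.

```powershell
#Requires -RunAsAdministrator
# Added example: configure Controlled folder access from an elevated PowerShell session.
# Both paths below are hypothetical placeholders, not values from the article.
$protectedFolder = 'D:\FamilyPhotos'                      # extra folder to protect
$trustedApp      = 'C:\Program Files\ExampleApp\app.exe'  # app you know is safe

# 1. Show the current state (0 = Disabled, 1 = Enabled, 2 = AuditMode).
$pref = Get-MpPreference
"Controlled folder access state before: $($pref.EnableControlledFolderAccess)"

# 2. Turn the feature on. Default user folders such as Documents and
#    Pictures are protected automatically once it is enabled.
Set-MpPreference -EnableControlledFolderAccess Enabled

# 3. Protect an additional folder, but only if it actually exists.
if (Test-Path -LiteralPath $protectedFolder) {
    Add-MpPreference -ControlledFolderAccessProtectedFolders $protectedFolder
} else {
    Write-Warning "Folder not found, skipped: $protectedFolder"
}

# 4. Allow a known-safe app that was being blocked (the "white list").
#    Check the path first so a typo does not add a useless entry.
if (Test-Path -LiteralPath $trustedApp) {
    Add-MpPreference -ControlledFolderAccessAllowedApplications $trustedApp
} else {
    Write-Warning "App not found, skipped: $trustedApp"
}

# 5. Confirm what is now configured.
$pref = Get-MpPreference
"State after: $($pref.EnableControlledFolderAccess)"
"Additional protected folders:"; $pref.ControlledFolderAccessProtectedFolders
"Allowed applications:";         $pref.ControlledFolderAccessAllowedApplications

# 6. List recent blocks (event ID 1123) to see which app was stopped and
#    decide whether it belongs on the allow list.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message |
    Format-List
```

Reviewing the block events before allowing an app keeps the allow list limited to programs you have actually seen blocked and recognize.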