Windows Includes Ransomware Protection
(Here’s how to turn it on)
Ransomware is nasty stuff. This type of malware encrypts files on your PC so you can’t access them unless you pay the attacker to unlock the data. Basically, your files are held hostage until you cough up the demanded ransom, or you’re able to survive the ransomware attack using other means.
The #1 defense against ransomware is avoiding sites and downloads riddled with it, but some of the tricks bad actors use to lure you to these places are all too realistic, making it easy to take the bait.
Our FLS team highly recommends using Microsoft Defender as your first line of malware defense (even over a 3rd party antivirus app). Microsoft Defender is built into Windows, made by Microsoft, and it can take care of all your malware protection needs. (Microsoft changed the name from Windows Defender several years ago, but it’s the same program.)
The catch? Ransom protection is not turned on by default in Microsoft Defender. You have to enable it yourself.
How to turn on ransomware protection in Windows
Step One: Open the Windows Security app on your PC. You can access it in one of several ways:
- Press Alt + Spacebar on your keyboard, type in windows security, then press Enter
- Open your Start Menu and type in windows security, then press Enter
- Open your Settings app, then choose Windows Security in the left pane
Step Two: Find your ransomware settings. In the Windows Security app, click on Virus & Threat Protection. Then click Manage ransomware protection at the bottom of the screen.
Next, turn on Controlled folder access. This setting restricts app access to your PC’s default OneDrive, Documents, Pictures, Videos, Music, and Favorites folders. (You can also manually add other folders to the list).
Not all apps will be barred from these areas in Windows – Microsoft Office programs are automatically allowed to open and alter files. But if an app is not on Microsoft’s internal list of trusted apps, it can’t see anything in those folders until explicit permission is granted in Windows Security.
Step Three: Make sure you’re logged into OneDrive
Limiting access to files and folders won’t completely protect them. An additional method of defense is to have good backups, which Windows automatically does if you’re logged into OneDrive. (You can either connect a Microsoft account to your whole Windows PC, or just the OneDrive app specifically.)
To confirm that this protection is on, you can look at Ransomware protection > Ransomware data recovery.
For the purpose of warding off ransomware’s worst effects, the safest backup of your files is the one you keep offline. You should make a backup in addition to anything stored in the cloud. If you only have one copy of your data, you’re not properly backed up.
Should you turn on ransomware protection in Windows?
Security and convenience live on opposite ends of a spectrum, and that’s the case here, too. Controlling folder access in Windows can keep attackers out of your important folders, but it can also be slightly inconvenient. My suggestion is to live with that little bit of inconvenience and stay protected. The choice is yours.
Larry McJunkin, President
Tellico Village Computer Users Club