State Of Windows 10 Ransomware Protection 2021: Some Surprises, Says Report

Windows 10 ransomware protection remains the first and only line of defense for the majority of consumers using Windows in 2021.

Ransomware is one of the most dangerous kinds of malware because it not only denies access to your data but demands a ransom be paid.

And the amount of ransom demanded keeps going up. The average ransom payment jumped 31 percent to $233,817 in the third quarter of 2020 from $110,532 in the second quarter, according to statistics posted by Coveware.

Are you protected? Windows ransomware protection basics

Unbeknownst to many consumer users of Windows, Microsoft offers built-in ransomware protection as part of Windows Defender, found under Virus & Threat Protection.

The basics for turning it on aren’t complicated: type in “Ransomware Protection” in the Windows 10 Cortana search bar (typically in the bottom lower left of the screen) then go to the “Ransomware Protection” screen.

You’re given the option to select “Protected folders” as Microsoft spells out in this recent document. Then you have the option to select which folders you want protected from Ransomware. This is designed to protect* files and folders from unauthorized changes.

The State of Windows Defender Ransomware protection — with some surprises

A YouTube video (at bottom) from The PC Security Channel — an organization sponsored by the Ingenuity Lab, University of Nottingham — ran tests to demonstrate the level of protection you can expect from Windows Defender.

While the online protection test yielded good results with only a single ransomware “sample” getting through (see 2:20 mark), the offline protection was more dicey (see: 7:40 mark) with 10 samples missed.

After the offline test, there is an attempt to reboot the computer but it has been hijacked by Ransomware.

“This is what happens to Windows Defender when the Internet goes away,” PC Security Channel says referring to offline protection, adding “it shows how cloud-dependent it is.”

On the upside, some documents were shielded by the Protected Folders feature and the PC Security Channel recommends turning on the Controlled Folder Access, which is under the Windows Ransomware Protection feature.

Microsoft agrees that cloud protection is critical. “Cloud protections are an important part of defending new malware in real-time,” a Microsoft spokesperson told me. “They allow us to continually enhance our anti-malware and other security features built into our platforms to fight the evolving complexity of threats,” the spokesperson said.

Tactics to fend off ransomware

It’s strongly suggested by cybersecurity professionals that you use a a cloud-based file hosting service with automatic backup, such as Microsoft’s OneDrive, so you’re regularly backing up files.

Another good defense is a so-called “air gap” strategy where the external storage device is completely disconnected from your computer and the internet. Back up your files, then disconnect the storage device.

Another piece of advice is to separate work and personal devices, says Unit 42 of Palo Alto Networks, a cybersecurity firm. While attackers tend to target corporations, schools, and hospitals, “we may see consumers who are working from home and doing their shopping on their work devices get targeted by attackers,” Unit 42 said.

Summary:

“While Windows Defender has improved considerably over the years, there are several key areas where it is still largely susceptible to attacks, as we have found during our repeated testing on The PC Security Channel,” Leo, who is the founder of the PC Security Channel, told me in email.

——

NOTES:

*The goal is to block suspicious software but if an app is blocked that you know is safe, Microsoft gives you the option to build a white list. Use the Controlled Folder Access for whitelisting apps. You can do this by going to “allow an app through Controlled folder access.”

See this additional information from Microsoft on ransomware protection.

Comments can be sent via direct message to “twitter.com/mbrookec”

Comments are closed.