Ransomware gangs have gone pro. DarkSide, the group responsible for a spate of ransomware attacks including Colonial Pipeline, now operates with a business model that mirrors that of legitimate businesses.
Called Ransomware-as-a-Service (RaaS), it uses partners to execute cyberattacks. For individuals, small businesses and schools, attacks from RaaS groups pose the risk of losing access to all critical data, in addition to the financial burden of paying a ransom.
The small steps to prepare yourself for a potential future ransomware attack will also protect you from other malware and viruses.
Windows 10 ransomware protection
It’s not widely known to consumers and small business users that Microsoft offers built-in ransomware protection.
Turning it on is pretty simple: type “Ransomware Protection” into the Windows 10 Cortana search bar (typically in the lower left of the screen), then select the “Ransomware Protection” screen.
Toggle on “Controlled folder access.” Then you have the option to select which folders you want protected.
Click on “Protected folders.” The Protected Folders screen should already be populated by folders that are protected by default. You’re also given the option to add other protected folders.
In addition, you have the option to add folders from Microsoft’s file hosting service OneDrive, if you subscribe to that service.
“In a ransomware attack, your files can get encrypted and held hostage. With controlled folder access… a notification appears…where an app attempted to make changes to a file in a protected folder,” according to a Microsoft document describing the feature.
You can also “whitelist” applications. The goal of Windows ransomware protection is to block suspicious software, but if it blocks an app that you know is safe, Microsoft allows you to build a whitelist. You can do this by going to “allow an app through Controlled folder access.”
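The same steps can be scripted with the Microsoft Defender PowerShell cmdlets, which helps when setting up several PCs the same way. This is an added example, not part of the original article; the folder and application paths are hypothetical placeholders, and the script must be run from an elevated (administrator) PowerShell window.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the Windows Security steps above.
# Both paths are hypothetical placeholders; replace them with your own.
$ExtraFolders = @('D:\Projects')
$AllowedApps  = @('C:\Program Files\ExampleApp\app.exe')

# Controlled folder access relies on Defender real-time protection being on.
if (-not (Get-MpComputerStatus).RealTimeProtectionEnabled) {
    throw 'Defender real-time protection is off; controlled folder access will not enforce.'
}

# Same effect as the "Controlled folder access" toggle.
Set-MpPreference -EnableControlledFolderAccess Enabled

$pref = Get-MpPreference

# Add folders beyond the defaults; skip missing or already-listed paths.
foreach ($folder in $ExtraFolders) {
    if (-not (Test-Path -LiteralPath $folder -PathType Container)) {
        Write-Warning "Skipping missing folder: $folder"
        continue
    }
    if ($pref.ControlledFolderAccessProtectedFolders -notcontains $folder) {
        Add-MpPreference -ControlledFolderAccessProtectedFolders $folder
    }
}

# Allow trusted apps through; refuse paths that do not point at a real file
# so a typo cannot leave a stale entry on the allow list.
foreach ($app in $AllowedApps) {
    if (-not (Test-Path -LiteralPath $app -PathType Leaf)) {
        Write-Warning "Skipping missing application: $app"
        continue
    }
    if ($pref.ControlledFolderAccessAllowedApplications -notcontains $app) {
        Add-MpPreference -ControlledFolderAccessAllowedApplications $app
    }
}

# Read the settings back to confirm what is now in force (1 = enabled).
$pref = Get-MpPreference
[pscustomobject]@{
    Enabled          = ($pref.EnableControlledFolderAccess -eq 1)
    ProtectedFolders = $pref.ControlledFolderAccessProtectedFolders
    AllowedApps      = $pref.ControlledFolderAccessAllowedApplications
}
```

The folders Windows protects by default do not appear in the `ProtectedFolders` output; only the ones you added are listed.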
Other tactics to fend off ransomware
Use a secure cloud-based file hosting service with automatic backup so you’re regularly backing up files.
Another strategy is a so-called “air gap,” where the external storage device you back up to is completely disconnected (i.e., offline) from your computer and the internet. Back up your files, then disconnect the storage device.
Another piece of advice recommended by cybersecurity experts is to separate work and personal devices. While attackers tend to target corporations, schools, and hospitals, consumers who are working from home can get targeted by attackers too.