Ransomware has been a significant and serious threat to organizations. A successful attack not only causes a monetary loss but also inflicts consequential damages due to the loss of information, of assets and, often, of reputation. Although ransomware cannot be completely avoided, there are efficient defenses against this threat that organizations can implement. These defenses include enforcing strict security postures and developing organizational, administrative, and technical controls.
One such control, which improves an organization's resilience against ransomware, is a security feature introduced in the Fall Creators Update (2017). The feature is called “Controlled folder access” and comes as part of Windows Defender Exploit Guard. It is available for both Windows 10 and Windows Server 2019.
Controlled folder access monitors all processes attempting to change data in defined folders: if a process tries to modify files in these protected folders without being authorized to do so, the operation is blocked and an alert is generated. This stops ransomware and other malicious programs from making changes to those folders, protecting the data and files.
When implementing Controlled folder access, the user or the system administrator may add the necessary applications to a whitelist of applications that are then allowed to access and change the protected folders.
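The following PowerShell sketch is an added example, not taken from the original article: it enables Controlled folder access with the Windows Defender cmdlets, adds one protected folder and one allowed application, then reviews the resulting events. The folder and application paths are hypothetical placeholders, and starting in audit mode is a rollout choice assumed here rather than something the article prescribes.

```powershell
#Requires -RunAsAdministrator
# Added example. Both paths are constructed placeholders; replace them with real ones.
$ProtectedFolder = 'D:\FinanceShare'                       # hypothetical folder to protect
$AllowedApp      = 'C:\Program Files\Contoso\backup.exe'   # hypothetical trusted application

# 1. Start in audit mode: writes by unlisted processes are logged but not blocked,
#    so applications that need an allow-list entry surface before enforcement.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 2. Protect an additional folder on top of the default protected set.
Add-MpPreference -ControlledFolderAccessProtectedFolders $ProtectedFolder

# 3. Authorize one application to change files in protected folders.
Add-MpPreference -ControlledFolderAccessAllowedApplications $AllowedApp

# 4. Confirm what is now configured.
$pref = Get-MpPreference
[pscustomobject]@{
    Mode                = $pref.EnableControlledFolderAccess   # 0 = Disabled, 1 = Enabled, 2 = AuditMode
    ProtectedFolders    = $pref.ControlledFolderAccessProtectedFolders -join '; '
    AllowedApplications = $pref.ControlledFolderAccessAllowedApplications -join '; '
} | Format-List

# 5. Review the last 7 days of Controlled folder access events.
#    1123 = change blocked, 1124 = change audited (audit mode only).
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1123, 1124
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue

if ($events) {
    $events | Group-Object Id | Select-Object Name, Count | Format-Table
    $events | Select-Object TimeCreated, Id, Message | Format-List
} else {
    Write-Output 'No Controlled folder access events in the last 7 days.'
}

# 6. Once the audit log shows only expected activity, switch to enforcement:
# Set-MpPreference -EnableControlledFolderAccess Enabled
```

Every process named in a 1124 event is one that enforcement would block, so each should either be added to the allowed applications or investigated before step 6 is run.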
Watch How RYUK Ransomware Takes Control Over Computer Files in a Matter of Seconds: