You download a file from the Internet that you have been looking for a long time, you unzip it, you analyze it with the antivirus and, finally, you decide to run it. No problem. Still nothing happens. And all of a sudden you see how your files disappear and only a text file is left on the desktop. You open it, and you find that you have been a victim of ransomware. How is it possible, if I had my antivirus running?
Ransomware is not like normal viruses. Hackers have created these threats so that they go undetected by most antiviruses. Its operation, in broad strokes, is as follows: we download a harmless script, which does not trigger antivirus alerts, whose function is to download an exploit that allows it to either gain permissions in Windows, or deactivate security measures. of our security program.
Once it achieves its goal, it runs another script, which is responsible for downloading the ransomware in question and executing it on our computer, carrying out the catastrophe. When this malware is executed, all the files that we have on the computer are encrypted, being inaccessible. We will only have a text file on the desktop, which will indicate the amount of money we must pay to be able to recover the files or, otherwise, we will lose them forever. Spoiler: even if we pay, we won’t get them back.
So how can I protect myself from this threat? The essential thing is to use common sense, and never execute files without being 100% sure that they are legit. And backup copies help us so that, in case we end up infected, we can recover. But, if all that is not enough, Windows antivirus itself has a layer of protection against ransomware, but we must activate it manually.
Activate Windows anti-ransomware
To activate this security function, the first thing we must do is open the Windows antivirus configuration window. Once in it, we select the “Antivirus and threat protection” section, and select the “Ransomware protection” option, at the bottom.
Once here, we will arrive at the configuration section of this shield. And we will find two sections. The first of them is that of «Control folder access«, which allows us to protect our files, folders and areas of the device memory to prevent unauthorized changes by malicious applications.
When we activate this option (disabled by default), what we achieve is that the antivirus takes charge of monitoring the folders where we store our most important files and blocks any unauthorized changes to them. For example, if we protect our photo folder, and the ransomware tries to encrypt or delete one of them, it will automatically be blocked.
We can also see the blocking history, to find out if something has tried to modify these folders without permission, and add a series of applications to the list of trusted apps so that those programs can modify the files.
The second option is “Data recovery from ransomware attack«. If we have OneDrive activated, and the ransomware attacks the files stored in the cloud, thanks to this option we can recover the files thanks to the versioning of the changes that Microsoft saves in its cloud.
