Microsoft has added a new security feature as part of the latest build of Windows 10 that aims to combat the spread of ransomware on the operating system.
The increasing threat of ransomware – particularly against machines running Windows – has forced Microsoft to rethink the way data access is handled on a network, which until now has relied on mechanisms such as shared ownership across users and varying levels of permissions.
That approach has been largely successful when dealing with the risk of other users deleting or changing data within a file. But ransomware operates by hijacking system programs and encrypting all the data that a particular user has access to, which renders normal protections impotent. In other words, if you can open a document and change its contents, so can any ransomware on your machine.
To combat that, Microsoft has introduced what is known as “controlled folder access” as part of its Windows Defender suite. This new system applies access permissions at the program level, allowing users to give specific folders and documents a “protected” status, with some given compulsory protection by Microsoft.
Those protected files will only be accessible by programs on a whitelist, with any others being blocked by Windows Defender. In theory, this should prevent ransomware from being able to encrypt every scrap of user data on a system – the reason why recent attacks against Microsoft operating systems have been so devastating.
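As an added illustration (not taken from Microsoft or from this article's sources), the PowerShell below shows how an administrator could roll out the protected-folder and allow-list model described above using the Windows Defender cmdlets, starting in audit mode so that would-be blocks are logged before anything is enforced. The folder and program paths are hypothetical placeholders, and the "Process Name:" field parsed from the event text is an assumption about the message layout.

```powershell
#Requires -RunAsAdministrator
# Added example. Both paths are hypothetical placeholders; substitute your own.
$protectedFolder = 'D:\Finance'                           # assumed extra folder to protect
$allowedApp      = 'C:\Program Files\Contoso\ledger.exe'  # assumed trusted program

# 1. Audit mode: nothing is blocked yet, but every write that WOULD be
#    blocked is recorded, so legitimate programs can be found first.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 2. Protect a folder in addition to the ones Windows protects by default.
Add-MpPreference -ControlledFolderAccessProtectedFolders $protectedFolder

# 3. Put a trusted program on the allow-list for protected folders.
Add-MpPreference -ControlledFolderAccessAllowedApplications $allowedApp

# 4. Read the configuration back to confirm what is actually in force.
$pref = Get-MpPreference
[pscustomobject]@{
    Mode             = $pref.EnableControlledFolderAccess   # 0 Disabled, 1 Enabled, 2 AuditMode
    ProtectedFolders = $pref.ControlledFolderAccessProtectedFolders -join '; '
    AllowedApps      = $pref.ControlledFolderAccessAllowedApplications -join '; '
} | Format-List

# 5. Review the last week of controlled-folder-access events:
#    1123 = write blocked (enforced), 1124 = write would be blocked (audit).
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1123, 1124
    StartTime = (Get-Date).AddDays(-7)
}
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

# Group by the program that attempted the write. The "Process Name:" line
# is assumed to be present in the message; anything else lands in (unparsed).
$events | ForEach-Object {
    $proc = if ($_.Message -match 'Process Name:\s*(.+)') { $Matches[1].Trim() } else { '(unparsed)' }
    [pscustomobject]@{ EventId = $_.Id; Process = $proc }
} | Group-Object Process, EventId |
    Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# 6. Once the audit results contain only programs you do not trust,
#    switch from logging to blocking:
# Set-MpPreference -EnableControlledFolderAccess Enabled
```

A program that appears in the audit results and is not recognised should be investigated rather than added to the allow-list.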
How effective this new system will be remains to be seen. It will need to be robust enough to stop, for example, malicious Word macros from accessing the same documents that Word will be allowed to read.
However, it’s certainly a step towards tackling the increasing popularity of ransomware attacks, which have so far typically targeted Windows-based operating systems. The WannaCry ransomware attack and the recent Petya campaign both exploited vulnerabilities in the Windows Management Instrumentation Command-line, used to execute system commands on the OS. In theory, program permission access would prevent mass encryption-style attacks of this kind.
While the new feature is only available on Windows 10, we have contacted Microsoft to see if it plans to add a similar feature to older operating systems.