Ransoms is sadly the trend these days. We want to share a cheap and effective way to enable prevention that most probably fail to consider.
Using the ransomware simulator from KnowBe4, RanSim, we could see that our endpoints did no prevention previously.
An easy way to minimize the attack surface for ransomware is to use the built-in feature in Windows 10 and Server 2019 called “Controlled Folder Access”. This can be managed with the following:
- Windows Security app
- Microsoft Intune
- Mobile Device Management (MDM)
- Microsoft Endpoint Configuration Manager
- Group Policy
More information can be found here:
Our results after we enabled this prevention (and enabled it for RanSims test-folder) look a lot better.
It notes some things that got denied that should not be denied, but testing did not show any impact to the users experience. This only affected this particular untrusted application.