Is Microsoft Controlled Folder Access the End of Ransomware?
Ransomware is just about everywhere these days. As variants with odd-sounding names like Bad Rabbit, WannaCry and Petya/NotPetya hit the news monthly, even weekly, just about everyone is looking for a solution to what seems to be an intractable problem.
Ransomware ❤️ Windows
While any operating system can get hit with ransomware, Windows gets more than its fair share. This is partly because Windows has far more users than Mac or Linux, and partly because many Windows users run older, unpatched versions of the OS, making their machines far easier targets than their up-to-date counterparts. WannaCry, for example, devastated hundreds of thousands of machines running Windows 7 and XP, both of which are well known to be outdated and vulnerable to threats of all kinds.
There have been few bright spots in the war against ransomware; while organizations pour time and effort into securing their perimeter from attacks, ransomware finds new and creative ways to get through. Meanwhile, even security gurus attest that ransomware may very well be unavoidable and the best “protection” is a robust disaster recovery plan.
With the recent release of their Windows 10 Fall Creators Update, Microsoft now offers a feature called Controlled Folder Access, which they hope will put an end to the epidemic. To get an idea of how the feature can potentially curb ransomware, you need to know how ransomware itself works. In the typical scenario, ransomware attempts to encrypt all your files/photos/docs and asks you to pay a fee for the “key” to unlock your data so you can access it again. For the encryption to happen, the malware needs to get access to the folders and files to begin with. This is usually trivial since if a user launches a program/software, it will run as that user and have access to anything that user has access to, like your files, photos and docs.
This new feature lets you limit which programs can gain access to which folders. Once it's enabled, it will monitor any changes that applications make to the files in certain protected folders and will send you a notification when a blacklisted app tries to make changes to these files. You can also whitelist certain applications that you want to always allow to access your files without those pesky alerts.
A Good Start But…
Controlling and monitoring access to important files is a great start to beating ransomware. But it's not the ultimate solution to the ransomware epidemic. It's useful only after the malware has gotten onto your endpoints, which in and of itself means that your system is vulnerable. Moreover, while your protected folders are safe, other non-protected folders will still be encrypted. Lastly, it relies on a whitelist/blacklist which is going to require a whole lot of management on the part of the admin.
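The following PowerShell sketch is an added example, not taken from the article or from Microsoft. It uses the Defender cmdlets to turn the feature on in audit mode, protect one extra folder, allow one application, and then summarize which processes touched protected folders so the allow list can be built from evidence. The folder and application paths are constructed placeholders, and the event field names `Process Name` and `Path` are assumptions about the event layout.

```powershell
# Run from an elevated PowerShell session on Windows 10 1709 or later.
# Both paths are hypothetical placeholders; substitute your own.
$ProtectedFolder = 'D:\Finance'
$TrustedApp      = 'C:\Tools\backup-agent.exe'

# 1. Audit mode first: writes to protected folders are logged, not blocked,
#    so legitimate applications surface before enforcement starts.
Set-MpPreference -EnableControlledFolderAccess AuditMode

# 2. Only the default user folders are protected out of the box. Add any
#    other location that holds data worth protecting, and allow known apps.
Add-MpPreference -ControlledFolderAccessProtectedFolders $ProtectedFolder
Add-MpPreference -ControlledFolderAccessAllowedApplications $TrustedApp

# 3. Confirm the resulting configuration.
Get-MpPreference | Select-Object EnableControlledFolderAccess,
    ControlledFolderAccessProtectedFolders,
    ControlledFolderAccessAllowedApplications

# 4. Summarize Controlled Folder Access events per process.
#    Event 1123 = blocked write, 1124 = audited write.
$cfaEvents = Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1123, 1124
}

$cfaEvents | ForEach-Object {
    # Flatten the EventData name/value pairs into a lookup table.
    $fields = @{}
    foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
        $fields[$d.GetAttribute('Name')] = $d.InnerText
    }
    [pscustomobject]@{
        Mode    = if ($_.Id -eq 1123) { 'Blocked' } else { 'Audited' }
        Process = $fields['Process Name']   # assumed field name
        Target  = $fields['Path']           # assumed field name
    }
} | Group-Object Process, Mode |
    Sort-Object Count -Descending |
    Select-Object Count, Name

# 5. After the audit results are reviewed and the allow list is complete,
#    switch to enforcement:
# Set-MpPreference -EnableControlledFolderAccess Enabled
```

Processes that appear in the summary and are not recognized deserve investigation before anything is added to the allow list.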
The real key to blocking ransomware is to isolate your endpoints from any and all web-borne threats. Remote browser isolation, along with integrated multi-scan and sanitization technology for secure file downloads, essentially cuts off your end users and their machines from the dangers of the web - including ransomware that comes from rogue links and corrupt files - and prevents malware from gaining a foothold in the first place.
It’s certainly a great move on Microsoft's part to do all they can to put an end to ransomware. But doing “all they can do” isn't all that can be done. It’s time to put a true end to ransomware by isolating your users from the web, with a remote browsing solution that ensures native, interactive and threat-free web browsing.