<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
     xmlns:content="http://purl.org/rss/1.0/modules/content/"
     xmlns:dc="https://purl.org/dc/elements/1.1/"
     xmlns:dcterms="http://purl.org/dc/terms/"
     xmlns:media="http://search.yahoo.com/mrss/"
     xmlns:atom="http://www.w3.org/2005/Atom"
>
    <channel>
                    <atom:link href="https://www.windowscentral.com/feeds/tag/ransomware" rel="self" type="application/rss+xml" />
                            <title><![CDATA[ Latest from Windows Central in Ransomware ]]></title>
                <link>https://www.windowscentral.com/tag/ransomware</link>
        <description><![CDATA[ All the latest ransomware content from the Windows Central team ]]></description>
                                    <lastBuildDate>Thu, 21 Apr 2022 17:03:02 +0000</lastBuildDate>
                            <language>en</language>
                                <item>
                                                            <title><![CDATA[ Malicious 'Windows.exe' file poses threat to unpatched Microsoft Exchange servers ]]></title>
                                                                                                                                                                                                <link>https://www.windowscentral.com/malicious-windowsexe-file-poses-threat-unpatched-microsoft-exchange-servers</link>
                                                                            <description>
                            <![CDATA[ With 2021's Microsoft Exchange Server drama still fresh in the rearview mirror, it's time for more computing chaos in 2022 by way of persisting Exchange-linked ransomware threats. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">9VzvtoHtCff1WwdfLkGzg6</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/mGmNvLDddHaU3zFAJieE5a-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 21 Apr 2022 17:03:02 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Microsoft]]></category>
                                                                                                                    <dc:creator><![CDATA[ Robert Carnevale ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/UyowEeGcqmjdbGuU6YrpTj.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/mGmNvLDddHaU3zFAJieE5a-1280-80.jpg">
                                                            <media:credit><![CDATA[Daniel Rubino / Windows Central]]></media:credit>
                                                                                                                                                                        <media:description><![CDATA[Surface Laptop 4 Amd 2021 Keyboard Lights]]></media:description>                                                            <media:text><![CDATA[Surface Laptop 4 Amd 2021 Keyboard Lights]]></media:text>
                                <media:title type="plain"><![CDATA[Surface Laptop 4 Amd 2021 Keyboard Lights]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/mGmNvLDddHaU3zFAJieE5a-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <h2 id="what-you-need-to-know">What you need to know</h2><ul><li>Microsoft Exchange Server issues in early 2021 led to threat actors absconding with valuable U.S.-based private and public sector data, resulting in the U.S. government getting involved in the security situation.</li><li>Though not as dramatic as 2021's saga, Exchange is once again in the spotlight thanks to Hive ransomware.</li><li>Hive has been exploiting unpatched Exchange server vulnerabilities in order to deploy ransomware and hold data hostage.</li></ul><p>There are few constants in the world. Criminals utilizing ransomware to attack Microsoft products is one of them.</p><p>Though not as dramatic as the national-security-tier Exchange situation that dominated headlines in 2021, wherein state-sponsored hackers pilfered data that experts believe may be fuel for a <a href="https://www.windowscentral.com/microsoft-exchange-server-attacks-may-have-been-about-making-ai-not-just-spying" data-original-url="https://www.windowscentral.com/microsoft-exchange-server-attacks-may-have-been-about-making-ai-not-just-spying">secretive Chinese government AI project</a>, the 2022 landscape isn't devoid of drama either.</p><p>As researched and reported by the <a href="https://www.varonis.com/blog/hive-ransomware-analysis">Varonis Forensics Team</a>, a threat named Hive is stirring the Exchange pot with ransomware attacks (via <a href="https://www.zdnet.com/article/hive-hackers-are-exploiting-microsoft-exchange-servers-in-ransomware-spree/">ZDNet</a>). 
Since Varonis first spotted Hive in June 2021, it has seen cybercriminals use the aforementioned ransomware against nonprofits, energy providers, healthcare institutions, and more all across the world.</p><p>When it comes to the stakes of being attacked by Hive, it's what you might expect from ransomware: It'll infect your device, get ahold of your files, then demand you either pay up or risk seeing your sensitive data get published.</p><p>What makes Hive so insidious is that, as part of its assault on a device, it uses an attack called "Pass-The-Hash," which gives it access to domain admin accounts without the need for password cracking, resulting in an authenticated session within the network — the foundation for cybercrime field days. It achieves all of this through the delivery of a payload labeled "Windows.exe." If you guessed that the .exe isn't, in fact, in any way related to a legitimate instance of Windows, such as <a href="https://www.windowscentral.com/windows-11" data-original-url="https://www.windowscentral.com/windows-11">Windows 11</a>, you'd be correct. It's nothing but bad news from Hive that will leave files encrypted and cut off from their rightful owners.</p><p>Hive attacks are an active threat to unpatched Exchange servers, which Varonis notes when referencing recorded instances of compromise. Servers that don't have the April and May 2021 security updates are susceptible, so anyone who's <a href="https://www.windowscentral.com/cisa-instructs-us-government-agencies-use-microsoft-malware-scanners" data-original-url="https://www.windowscentral.com/cisa-instructs-us-government-agencies-use-microsoft-malware-scanners">yet to patch up</a> should get on that.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Google examines ransomware scheme that utilizes fake LinkedIn profiles and Microsoft bugs ]]></title>
                                                                                                                                                                                                <link>https://www.windowscentral.com/google-examines-ransomware-scheme-utilizes-fake-linkedin-profiles-and-microsoft-bugs</link>
                                                                            <description>
                            <![CDATA[ Though Microsoft often reports on the ransomware campaigns it's monitoring, sometimes a competitor exposes activity of note. In this case, Google's exposed a group it's nicknamed "Exotic Lily" that's been using Microsoft's tools for nefarious purposes. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">sZPVoHiLKLdv6eX2NPooWe</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/siDPtUjk9BGvZcHXnJHCBJ-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 17 Mar 2022 19:11:28 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Software Apps]]></category>
                                                                                                                    <dc:creator><![CDATA[ Robert Carnevale ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/UyowEeGcqmjdbGuU6YrpTj.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/siDPtUjk9BGvZcHXnJHCBJ-1280-80.jpg">
                                                            <media:credit><![CDATA[Google]]></media:credit>
                                                                                                                                                                        <media:description><![CDATA[Fake Linkedin Profile]]></media:description>                                                            <media:text><![CDATA[Fake Linkedin Profile]]></media:text>
                                <media:title type="plain"><![CDATA[Fake Linkedin Profile]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/siDPtUjk9BGvZcHXnJHCBJ-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <h2 id="what-you-need-to-know-2">What you need to know</h2><ul><li>Google has exposed the details of ransomware campaigns driven by a group it has named "Exotic Lily."</li><li>Exotic Lily leverages fake user profiles and legitimate services such as OneDrive in order to add a more personal, realistic touch to its campaigns.</li><li>Beyond OneDrive and LinkedIn, Exotic Lily has also utilized the weaknesses of Windows for its various efforts.</li></ul><p>Microsoft's security teams routinely report on bad happenings going on in the cybercriminal world, including when such happenings <a href="https://www.windowscentral.com/microsoft-highlights-macos-vulnerability-apple-issues-fix" data-original-url="https://www.windowscentral.com/microsoft-highlights-macos-vulnerability-apple-issues-fix">affect the competition</a>. But this time around, it's Google highlighting how Microsoft's services and products are being used by bad guys for bad purposes.</p><p>Google <a href="https://blog.google/threat-analysis-group/exposing-initial-access-broker-ties-conti/">released a report</a> exposing the operations of a group nicknamed "Exotic Lily," an Initial Access Broker (IAB). IABs infiltrate networks then auction that access to whichever cybercriminal will pay the most.</p><p>Exotic Lily's methods for infiltration are a bit more personal and crafty than those of the usual threat actor, according to Google. Here's the play: The group creates fake social media profiles, including LinkedIn profiles, utilizing easily obtainable data on employees so that the illegitimate duplicates appear authentic. 
They also utilize spoofed email accounts and then begin engaging with targets, establishing rapport.</p><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="JZXSPgVEv2z27NRyFMQBYm" name="" alt="Fake Linkedin Profile" src="https://cdn.mos.cms.futurecdn.net/JZXSPgVEv2z27NRyFMQBYm.jpg" mos="https://cdn.mos.cms.futurecdn.net/JZXSPgVEv2z27NRyFMQBYm.jpg" align="middle" fullscreen="" width="" height="" attribution="" endorsement="" class=""></p></div></div><figcaption itemprop="caption description" class=""><span class="caption-text">Source: Google </span><span class="credit" itemprop="copyrightHolder">(Image credit: Source: Google)</span></figcaption></figure><p>Once there's an opening to do so, the group uses a file-sharing service such as <a href="https://www.windowscentral.com/march-2022-patch-tuesday-windows-11-here-fixing-onedrive-bug-and-packing-security-updates" data-original-url="https://www.windowscentral.com/march-2022-patch-tuesday-windows-11-here-fixing-onedrive-bug-and-packing-security-updates">OneDrive</a> to deliver and mask the origins of the payload needed to set the scene for ransomware attacks. The group also exploited a now-patched <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444" title="" rel="nofollow">zero-day vulnerability</a> in Windows-linked MSHTML in conjunction with its efforts to circulate <a href="https://www.windowscentral.com/microsoft-follows-through-promise-disabling-excel-40-macros" data-original-url="https://www.windowscentral.com/microsoft-follows-through-promise-disabling-excel-40-macros">malicious Office documents</a> designed to trick users into welcoming dangerous content onto their devices.</p><p>In short, Exotic Lily has used a wide range of Microsoft services and products for maleficent purposes, and threats like fake LinkedIn profiles remain a danger. 
With that being said, Microsoft addressed the aforementioned MSHTML zero-day and Google has guidance in its report for what to look out for, as well as more details on the technical aspects of Exotic Lily's operations should you want to dig deeper.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ That custom Windows XP virtual machine may not be safe, warns FBI ]]></title>
                                                                                                                                                                                                <link>https://www.windowscentral.com/custom-windows-xp-virtual-machine-may-not-be-safe-warns-fbi</link>
                                                                            <description>
                            <![CDATA[ The worlds of the Federal Bureau of Investigation and Windows XP are crossing over thanks to the ransomware known as RagnarLocker. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">mfYEzk8haM1eYknbA8uJdo</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/S2NMMzFuym3DP25JQJbLRK-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 09 Mar 2022 21:54:13 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Microsoft]]></category>
                                                                                                                    <dc:creator><![CDATA[ Robert Carnevale ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/UyowEeGcqmjdbGuU6YrpTj.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/S2NMMzFuym3DP25JQJbLRK-1280-80.jpg">
                                                            <media:credit><![CDATA[Microsoft]]></media:credit>
                                                                                                                                                                        <media:description><![CDATA[Windows XP Bliss]]></media:description>                                                            <media:text><![CDATA[Windows XP Bliss]]></media:text>
                                <media:title type="plain"><![CDATA[Windows XP Bliss]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/S2NMMzFuym3DP25JQJbLRK-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <h2 id="what-you-need-to-know-3">What you need to know</h2><ul><li>The FBI has issued a warning pertaining to the ransomware RagnarLocker and the custom Windows XP virtual machine it deploys within.</li><li>The FBI's warning is primarily for the purpose of educating individuals on one of the many ransomware threats currently making rounds on the web.</li></ul><p>While it's no secret that Windows XP is a favorite of many legitimate, upstanding entities and still dominates <a href="https://www.windowscentral.com/windows-xp-remains-dominant-operating-system-least-one-part-world" data-original-url="https://www.windowscentral.com/windows-xp-remains-dominant-operating-system-least-one-part-world">operating system market share in one part of the world</a>, not everyone who's a fan of the OS or its virtual machine variations has the best intentions in mind. Enter: RagnarLocker.</p><p>RagnarLocker is ransomware being circulated by cybercriminals for the purpose of encrypting files and holding them for ransom. The FBI notes that it doesn't encourage ransomware victims to pay up, since that runs the risk of encouraging cybercriminals. Not to mention, there's no guarantee the criminals will release their hold on your files even after you pay. As for the threat of RagnarLocker specifically, here's how the <a href="https://www.ic3.gov/Media/News/2022/220307.pdf">FBI describes it</a> (via <a href="https://www.zdnet.com/article/fbi-warns-this-ransomware-group-has-gone-after-critical-infrastructure-firms-again-and-again/">ZDNet</a>):</p><div><blockquote><p>RagnarLocker is identified by the extension ".RGNR_[[ id ]]," where [[ id ]] is a hash of the computer's NETBIOS name. The actors, identifying themselves as "RAGNAR_LOCKER," leave a .txt ransom note, with instructions on how to pay the ransom and decrypt the data. 
RagnarLocker uses VMProtect, UPX, and custom packing algorithms and deploys within an attacker's custom Windows XP virtual machine on a target's site.</p></blockquote></div><p>The FBI notes that as of January 2022, a minimum of 52 entities in sectors such as financial services, information technology, critical manufacturing, energy, and government have had to deal with the consequences of RagnarLocker. The ransomware operates on a mass-encryption basis, actively choosing specific files not to encrypt in order to avoid attracting immediate attention while it locks things up.</p><p>Though RagnarLocker may be a particularly pesky foe, it's far from the only instance of ransom-focused malware in circulation. In the modern times we're going through right now, there's a <a href="https://www.windowscentral.com/ransomware-black-hole-threatens-consume-all-according-report" data-original-url="https://www.windowscentral.com/ransomware-black-hole-threatens-consume-all-according-report">ransomware black hole</a> on the loose.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Own an ASUSTOR NAS? Read this immediately. ]]></title>
                                                                                                                                                                                                <link>https://www.windowscentral.com/own-asustor-nas-read-immediately</link>
                                                                            <description>
                            <![CDATA[ DeadBolt ransomware attacks have been reported by ASUSTOR NAS owners. Here's all you need to know and what to do if your enclosure is affected. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">v4KxmZgupRPj8DGvmAx6p4</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/nPdGHVcMAChR3bSRRPSkHL-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 22 Feb 2022 15:18:46 +0000</pubDate>                                                                                                                                <updated>Tue, 22 Feb 2022 17:05:19 +0000</updated>
                                                                                                                                            <category><![CDATA[Storage]]></category>
                                                    <category><![CDATA[Hardware]]></category>
                                                    <category><![CDATA[Desktops]]></category>
                                                                                                <author><![CDATA[ rich.edmonds@futurenet.com (Rich Edmonds) ]]></author>                    <dc:creator><![CDATA[ Rich Edmonds ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/pLy73SP6o5nVBFkCKgFrhN.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/nPdGHVcMAChR3bSRRPSkHL-1280-80.jpg">
                                                            <media:credit><![CDATA[Future]]></media:credit>
                                                                                                                                                                        <media:description><![CDATA[ASUSTOR DRIVESTOR 4 Pro (AS3304T)]]></media:description>                                                            <media:text><![CDATA[ASUSTOR DRIVESTOR 4 Pro (AS3304T)]]></media:text>
                                <media:title type="plain"><![CDATA[ASUSTOR DRIVESTOR 4 Pro (AS3304T)]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/nPdGHVcMAChR3bSRRPSkHL-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <h2 id="what-you-need-to-know-4">What you need to know</h2><ul><li>Owners of ASUSTOR NAS have reported having their data locked away due to ransomware attacks.</li><li>Like the QNAP DeadBolt attack, ASUSTOR NAS owners are having their data held to ransom for Bitcoin payments.</li><li>ASUSTOR recommended all owners disconnect and shut down NAS enclosures immediately.</li></ul><p>Reports are coming in on <a href="https://www.reddit.com/r/asustor/comments/sxywfv/ransomware_attack_megathread/">Reddit</a> and the official <a href="https://forum.asustor.com/viewtopic.php?f=45&t=12630">ASUSTOR forum</a> that NAS enclosures are being attacked by DeadBolt ransomware, similar to what affected QNAP servers. DeadBolt infects the NAS and encrypts the data stored on installed drives, blocking access for the owner.</p><p>The GUI is then altered to show a customized screen with details on the attack and a request for payment. This attack seems to have taken place on NAS with different configurations. It doesn't seem to matter if EZConnect is enabled, and we're not yet sure what allowed such an external attack to take place.</p><p>As reported by <a href="https://www.tomshardware.com/news/if-you-own-an-asustor-nas-shut-it-down-now">Tom's Hardware</a>, this also makes it impossible to know which models are vulnerable (if not all). Affected NAS owners are being asked to provide 0.03 Bitcoin for an encryption key to be sent across. 
I don't recommend you do so unless your data is incredibly important and ASUSTOR is unable to provide a solution.</p><p>ASUSTOR is currently recommending that affected NAS owners:</p><ul><li>Disconnect the NAS from the LAN.</li><li>Shut down the NAS (press and hold the power button for three seconds).</li><li>Do NOT turn on the NAS once shut down.</li><li>Fill out this <a href="https://docs.google.com/forms/d/e/1FAIpQLScOwZCEitHGhiAeqNAbCPysxZS43bHOqGUK-bGX_mTfW_lG3A/viewform">Google Form</a> for an ASUSTOR technician to respond and provide assistance.</li></ul><p>If you haven't yet been affected, I'd highly recommend you back up all the data saved on the NAS (even if you own the <a href="https://www.windowscentral.com/best-nas-home" data-original-url="https://www.windowscentral.com/best-nas-home">best NAS</a>). Ensure automated updates are disabled, disable SSH, and block all external access to the NAS (limit the enclosure to the LAN). This is a perfect time to invest in an external drive to store a copy of all the files stored on your NAS.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Windows ransomware LockBit makes the jump to Linux ]]></title>
                                                                                                                                                                                                <link>https://www.windowscentral.com/windows-ransomware-lockbit-makes-jump-linux</link>
                                                                            <description>
                            <![CDATA[ Though Windows is the prime target for most everything ransomware-related, web-based criminals aren't content to just harass one population. That's why Linux is getting a fresh dose of the plague ravaging Windows users. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">3AheM8PB1FCoxp1d7NzNL5</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/mGmNvLDddHaU3zFAJieE5a-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 26 Jan 2022 18:00:29 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Microsoft]]></category>
                                                                                                                    <dc:creator><![CDATA[ Robert Carnevale ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/UyowEeGcqmjdbGuU6YrpTj.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/mGmNvLDddHaU3zFAJieE5a-1280-80.jpg">
                                                            <media:credit><![CDATA[Daniel Rubino / Windows Central]]></media:credit>
                                                                                                                                                                        <media:description><![CDATA[Surface Laptop 4 Amd 2021 Keyboard Lights]]></media:description>                                                            <media:text><![CDATA[Surface Laptop 4 Amd 2021 Keyboard Lights]]></media:text>
                                <media:title type="plain"><![CDATA[Surface Laptop 4 Amd 2021 Keyboard Lights]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/mGmNvLDddHaU3zFAJieE5a-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <h2 id="what-you-need-to-know-5">What you need to know</h2><ul><li>Ransomware and Windows go together like bread and butter.</li><li>Though Windows is the primary recipient of ransomware efforts, Linux is getting more and more strains of the threat itself.</li><li>Now LockBit, an irksome danger on the Windows side of computing, has made its Linux debut.</li></ul><p>First, they came for Windows. Then, for Tux. As cool as Linux is, it's increasingly becoming a target for ransomware-friendly cyber criminals intent on ruining people's days.</p><p><a href="https://www.windowscentral.com/can-linux-win-desktop-pc#comments" data-original-url="https://www.windowscentral.com/can-linux-win-desktop-pc#comments">Linux isn't beating out Windows</a> anytime soon in market share, but it's still popular enough to attract bad guys. Case in point: <a href="https://www.windowscentral.com/lockbit-20-ransomware-counters-microsoft-defender-and-evolves-windows-domain-encryption-game" data-original-url="https://www.windowscentral.com/lockbit-20-ransomware-counters-microsoft-defender-and-evolves-windows-domain-encryption-game">LockBit has hopped ship</a>, no longer content to torment just Redmond. 
Based on a <a href="https://www.anrdoezrs.net/links/100048247/type/dlg/sid/UUwpUdUnU90357/https:/www.trendmicro.com/en_us/research/22/a/analysis-and-Impact-of-lockbit-ransomwares-first-linux-and-vmware-esxi-variant.html" title="" rel="nofollow" target="_blank" data-original-url="https://www.anrdoezrs.net/links/100048247/type/dlg/sid/UUwpUdUnU90357/https://www.trendmicro.com/en_us/research/22/a/analysis-and-Impact-of-lockbit-ransomwares-first-linux-and-vmware-esxi-variant.html">report from Trend Micro Inc.</a>, Linux users who encounter the ransomware can expect the variant tailored to their OS to log the following information:</p><ul><li>Processor information</li><li>Volumes in the system</li><li>Virtual machines (VMs) for skipping</li><li>Total files</li><li>Total VMs</li><li>Encrypted files</li><li>Encrypted VMs</li><li>Total encrypted size</li><li>Time spent for encryption</li></ul><p>You can check out Trend Micro's full report for the ins and outs of what LockBit for Linux is made of, but the overall point is that though <a href="https://www.windowscentral.com/windows-ransomware-magnet-according-new-virustotal-report" data-original-url="https://www.windowscentral.com/windows-ransomware-magnet-according-new-virustotal-report">Windows is a magnet for ransomware</a>, fewer safe havens exist in general these days.</p><p>The <a href="https://www.windowscentral.com/ransomware-black-hole-threatens-consume-all-according-report" data-original-url="https://www.windowscentral.com/ransomware-black-hole-threatens-consume-all-according-report">rise of ransomware</a> means cybercriminals are coming for everyone no matter what operating system they prefer. 
Though, for now, some are <a href="https://www.windowscentral.com/major-hotel-chain-ditches-windows-chrome-os-after-ransomware-attack" data-original-url="https://www.windowscentral.com/major-hotel-chain-ditches-windows-chrome-os-after-ransomware-attack">choosing Chrome OS to avoid threats</a> as much as possible.</p><p>Malware's always been a problem, but ransomware especially has been a hot commodity in recent memory, so much so that the U.S. government has elected to eyeball <a href="https://www.windowscentral.com/incoming-us-cryptocurrency-sanctions-will-combat-ransomware-attacks-says-report" data-original-url="https://www.windowscentral.com/incoming-us-cryptocurrency-sanctions-will-combat-ransomware-attacks-says-report">sanctions on cryptocurrency</a> to stem the flow of successfully facilitated ransomware schemes. Hide your e-wallets, hide your penguins; they're holding everybody for ransom out here.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ IT, beware: Ransomware black hole threatens to consume all, according to report ]]></title>
                                                                                                                                                                                                <link>https://www.windowscentral.com/ransomware-black-hole-threatens-consume-all-according-report</link>
                                                                            <description>
                            <![CDATA[ Afraid of getting caught up in a ransomware scam? So are a lot of security experts who see the threat expanding its reach at a rapid pace. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">iFrB8qLCMDuHteMyZwT81m</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/mGmNvLDddHaU3zFAJieE5a-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 22 Nov 2021 21:43:16 +0000</pubDate>                                                                                                                                <updated>Mon, 22 Nov 2021 21:56:58 +0000</updated>
                                                                                                                                            <category><![CDATA[Desktops]]></category>
                                                    <category><![CDATA[Hardware]]></category>
                                                                                                                    <dc:creator><![CDATA[ Robert Carnevale ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/UyowEeGcqmjdbGuU6YrpTj.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/mGmNvLDddHaU3zFAJieE5a-1280-80.jpg">
                                                            <media:credit><![CDATA[Daniel Rubino / Windows Central]]></media:credit>
                                                                                                                                                                        <media:description><![CDATA[Surface Laptop 4 Amd 2021 Keyboard Lights]]></media:description>                                                            <media:text><![CDATA[Surface Laptop 4 Amd 2021 Keyboard Lights]]></media:text>
                                <media:title type="plain"><![CDATA[Surface Laptop 4 Amd 2021 Keyboard Lights]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/mGmNvLDddHaU3zFAJieE5a-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <h2 id="what-you-need-to-know-6">What you need to know</h2><ul><li>Ransomware has seen a spike in popularity amongst threat actors.</li><li>A new report from Sophos indicates the troubles are only set to expand.</li><li>Sophos attributes the rise in ransomware-related threats to elements such as cryptocurrency popularity and an evolution in ransomware distribution models and pressure tactics.</li></ul><p>For those not familiar with the power of ransomware, it's worth looking back at the <a href="https://www.windowscentral.com/microsoft-helps-feds-partially-recover-colonial-pipeline-ransom" data-original-url="https://www.windowscentral.com/microsoft-helps-feds-partially-recover-colonial-pipeline-ransom">Colonial Pipeline situation</a> from mid-2021, wherein part of the U.S.'s oil supply infrastructure was temporarily crippled virtually overnight by a group utilizing the malware type.</p><p>And don't think ransomware is only going after big targets. Threat actors make a habit of preying on unsuspecting businesses and individuals as well, should the promise of money be obvious enough. 
So when Sophos says the ransomware circuit is set to evolve, that's bad news for everyone.</p><p>According to the <a href="https://www.sophos.com/en-us/press-office/press-releases/2021/11/sophos-2022-threat-report.aspx">Sophos 2022 Threat Report</a>, four major, blossoming ransomware trends have been identified.</p><ol start="1"><li>The ransomware-as-a-service (RaaS) model isn't going anywhere anytime soon.</li><li>Ransomware will remain a key ingredient in existing threat bundles of adware, spam, loaders, and more.</li><li>Extortion efforts related to ransomware attacks will continue to raise the stakes in intensity and expand in variety.</li><li>So long as crypto mining and cryptocurrencies remain popular, ransomware strikes will have ample fuel for their fire.</li></ol><p>In other words, if you want to learn <a href="https://www.windowscentral.com/how-to-mine-crypto-earn-passive-income" data-original-url="https://www.windowscentral.com/how-to-mine-crypto-earn-passive-income">how to mine crypto</a> or are investigating what the <a href="https://www.windowscentral.com/best-gpus-crypto-mining" data-original-url="https://www.windowscentral.com/best-gpus-crypto-mining">best GPUs for crypto mining</a> are, be aware that you're moving into territory heavily targeted by ransomware aficionados. It's so heavily targeted by these sorts of threat actors, in fact, that the U.S. government has been <a href="https://www.windowscentral.com/incoming-us-cryptocurrency-sanctions-will-combat-ransomware-attacks-says-report" data-original-url="https://www.windowscentral.com/incoming-us-cryptocurrency-sanctions-will-combat-ransomware-attacks-says-report">whipping up sanctions</a> for cryptocurrencies on the basis that they could stymie cybercriminal endeavors.</p><p>There's a lot more to the ransomware report than just these findings, so if you want the full scoop, check out Sophos' writeup to learn more about how the malware type threatens IT in particular. 
And if you're not afraid of ransomware and want to go all-in on Bitcoin or cryptocurrency in general, check out what <a href="https://www.windowscentral.com/el-salvador-doubles-down-cryptocurrency-announces-bitcoin-city" data-original-url="https://www.windowscentral.com/el-salvador-doubles-down-cryptocurrency-announces-bitcoin-city">El Salvador is up to</a>.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ LockBit 2.0 ransomware counters Microsoft Defender and evolves the Windows domain encryption game ]]></title>
                                                                                                                                                                                                <link>https://www.windowscentral.com/lockbit-20-ransomware-counters-microsoft-defender-and-evolves-windows-domain-encryption-game</link>
                                                                            <description>
                            <![CDATA[ LockBit ransomware is evolving. The latest iteration is equipped to subvert Microsoft Defender and cause printer spam. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">v4BQdjeK1JSZW8BAdmfEXf</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/XMVJR4cPmLN2fFGizZggaM-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 29 Jul 2021 20:59:05 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Microsoft]]></category>
                                                                                                                    <dc:creator><![CDATA[ Robert Carnevale ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/UyowEeGcqmjdbGuU6YrpTj.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/XMVJR4cPmLN2fFGizZggaM-1280-80.jpg">
                                                            <media:credit><![CDATA[Daniel Rubino / Windows Central]]></media:credit>
                                                                                                                                                                        <media:description><![CDATA[Surface Laptop 4 Amd 2021 Hero]]></media:description>                                                            <media:text><![CDATA[Surface Laptop 4 Amd 2021 Hero]]></media:text>
                                <media:title type="plain"><![CDATA[Surface Laptop 4 Amd 2021 Hero]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/XMVJR4cPmLN2fFGizZggaM-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <h2 id="what-you-need-to-know-7">What you need to know</h2><ul><li>LockBit 2.0 ransomware-as-a-service has upped its game.</li><li>It can now encrypt networks via group policy updates.</li><li>It can be automatically distributed through a Windows domain, with no scripts required.</li></ul><p>Cyberthreats such as ransomware grow more devilish by the day. Case in point: LockBit 2.0, a specific breed of ransomware-as-a-service that's escalated the stakes associated with suffering a ransomware attack.</p><p>As reported by <a href="https://www.bleepingcomputer.com/news/security/lockbit-ransomware-now-encrypts-windows-domains-using-group-policies/">BleepingComputer</a>, LockBit's been around for a while. As far back as 2019, it was stirring up trouble, offering 70-80% revenue shares to affiliates who used the service-based ransomware while breaching networks and encrypting devices, with the actual developers reaping whatever remained from the software's haul.</p><p>LockBit's evolved since those days, keeping up with the latest tech and trends. Now, the world is faced with LockBit 2.0, which can not only encrypt networks via group policy updates but can hijack connected printers to print a non-stop stream of ransom notes (a ransomware feature seemingly designed to get victims' attention).</p><p>While the printer spam is self-explanatory, here's a more detailed breakdown of that network encryption item. When bad guys take the reins of a domain controller, LockBit 2.0 then distributes itself to domains. 
It will create new group policies that cut off Microsoft Defender and its defense mechanisms and create policies that launch the ransomware.</p><p>"This is the first ransomware operation to automate this process, and it allows a threat actor to disable Microsoft Defender and execute the ransomware on the entire network with a single command," ethical hacker Vitali Kremez told BleepingComputer.</p><p>In short: LockBit 2.0 is no joke, much like other recent security-related concerns to crop up in the Windows-verse, such as how researchers have exposed a <a href="https://www.windowscentral.com/researchers-highlight-windows-laptop-tpm-vulnerabilities" data-original-url="https://www.windowscentral.com/researchers-highlight-windows-laptop-tpm-vulnerabilities">TPM-related chink in the armor</a> of corporate Windows laptops (which may or may not present issues for <a href="https://www.windowscentral.com/windows-11" data-original-url="https://www.windowscentral.com/windows-11">Windows 11</a>).</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Microsoft says don't trust phony call centers and malicious Excel files ]]></title>
                                                                                                                                                                                                <link>https://www.windowscentral.com/microsoft-says-dont-trust-phony-call-centers-and-malicious-excel-files</link>
                                                                            <description>
                            <![CDATA[ Ransomware attacks are on the rise, and threat actors are getting craftier with them. That's why Microsoft is warning people to look out for call centers and Excel files that are being set up with the sole intent of causing trouble. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">h9bgmuMYuACxkx75XBGS7K</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/6PcLXqsvq2g9fmpkQiCAW3-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 23 Jun 2021 18:14:05 +0000</pubDate>                                                                                                                                <updated>Thu, 24 Jun 2021 17:32:19 +0000</updated>
                                                                                                                                            <category><![CDATA[Microsoft]]></category>
                                                                                                                    <dc:creator><![CDATA[ Robert Carnevale ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/UyowEeGcqmjdbGuU6YrpTj.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/6PcLXqsvq2g9fmpkQiCAW3-1280-80.jpg">
                                                            <media:credit><![CDATA[Stephen Brashear/Getty Images for Microsoft]]></media:credit>
                                                                                                                                                                        <media:description><![CDATA[The Visitor’s Center at Microsoft Headquarters campus is pictured July 17, 2014 in Redmond, Washington.]]></media:description>                                                            <media:text><![CDATA[The Visitor’s Center at Microsoft Headquarters campus is pictured July 17, 2014 in Redmond, Washington.]]></media:text>
                                <media:title type="plain"><![CDATA[The Visitor’s Center at Microsoft Headquarters campus is pictured July 17, 2014 in Redmond, Washington.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/6PcLXqsvq2g9fmpkQiCAW3-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <h2 id="what-you-need-to-know-8">What you need to know</h2><ul><li>Microsoft Security Intelligence has caught wind of a new ransomware attack strategy.</li><li>It involves fake call centers and malicious Excel files.</li><li>The campaign is dubbed "BazaCall."</li></ul><p>There's a <a href="https://www.windowscentral.com/microsoft-helps-feds-partially-recover-colonial-pipeline-ransom" data-original-url="https://www.windowscentral.com/microsoft-helps-feds-partially-recover-colonial-pipeline-ransom">ransomware campaign</a> going on called BazaCall. It's been circulating for months, but <a href="https://twitter.com/MsftSecIntel/status/1407470790333722628">Microsoft Security Intelligence</a> is now publicizing its major points on Twitter with screenshots to help inform the average person of how to stay safe (via <a href="https://www.zdnet.com/article/microsoft-warns-now-attackers-are-using-a-call-centre-to-trick-you-into-downloading-ransomware/">ZDNet</a>).</p><p>Here's how BazaCall works. First, you'll receive an email saying a subscription service of yours is up for renewal, and you'll be invited to call a phone number to cancel if you wish.</p><p>When you call, you'll be told to go to a website and download an Excel file. That file contains the macro that gets the payload onto your machine, crippling you with ransomware.</p><div class="see-more see-more--clipped"><blockquote class="twitter-tweet hawk-ignore" data-lang="en"><p lang="en" dir="ltr">We're tracking an active BazaCall malware campaign leading to human-operated attacks and ransomware deployment. BazaCall campaigns use emails that lure recipients to call a number to cancel their supposed subscription to a certain service. <a href="https://t.co/RS5wGSndhv">pic.twitter.com/RS5wGSndhv</a>— Microsoft Security Intelligence (@MsftSecIntel) <a href="https://twitter.com/MsftSecIntel/status/1407470790333722628?ref_src=twsrc%5Etfw">June 22, 2021</a></p></blockquote><div class="see-more__filter"></div></div><p>It sounds like a dumb plot on paper, but in reality, decently written emails and full-on fake call centers can present the appearance of a legitimate operation to the gullible, uninformed, or inattentive. As Microsoft mentions in its tweet thread discussing BazaCall, the threat is made even more complex by the fact that there's nothing overtly malicious in the emails themselves, making danger harder to detect.</p><p>The name BazaCall stems from the malware the campaign distributed in the beginning: BazaLoader. Though it's been kicking around for a bit, it seems the efforts to spread ransomware are amping up as people get wise to classic tricks.</p><p>Today we're dealing with harmless emails, con-job call centers, and dangerous Excel files. What happens tomorrow? Do fraudsters legally register and operate entirely legitimate businesses solely to have addresses and phone numbers for swindles on the side? Aside from the fact that that already happens, the point is that ransomware may seem like a foreign concern at the moment, but be ready: Cybercriminals are working overtime to drag you into their net, no matter how elaborate of a scheme such a victory requires.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Hackers are racing to take advantage of unpatched Microsoft Exchange servers ]]></title>
                                                                                                                                                                                                <link>https://www.windowscentral.com/hackers-are-racing-take-advantage-unpatched-microsoft-exchange-servers</link>
                                                                            <description>
                            <![CDATA[ Even though Microsoft has released patches to address vulnerabilities in Exchange servers, many remain unpatched. A new strain of ransomware is being used to target vulnerable systems. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">aMwZansJQgzW8SpK96ZciU</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/McEJBpGDQfhgdP4RzQJSZ5-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 12 Mar 2021 12:26:11 +0000</pubDate>                                                                                                                                <updated>Fri, 12 Mar 2021 18:10:07 +0000</updated>
                                                                                                                                            <category><![CDATA[Microsoft]]></category>
                                                                                                <author><![CDATA[ sendicott47@outlook.com (Sean Endicott) ]]></author>                    <dc:creator><![CDATA[ Sean Endicott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/i28CCSxviCkYQRHUMnfBye.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/McEJBpGDQfhgdP4RzQJSZ5-1280-80.jpg">
                                                            <media:credit><![CDATA[Windows Central]]></media:credit>
                                                                                                                                                                        <media:description><![CDATA[Microsoft logo at Ignite]]></media:description>                                                            <media:text><![CDATA[Microsoft logo at Ignite]]></media:text>
                                <media:title type="plain"><![CDATA[Microsoft logo at Ignite]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/McEJBpGDQfhgdP4RzQJSZ5-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <h2 id="what-you-need-to-know-9">What you need to know</h2><ul><li>A strain of ransomware called DearCry is being used to target unpatched Exchange servers.</li><li>Microsoft has released patches for Exchange servers, but some organizations have not patched systems yet.</li><li>Check Point Research reports that exploitation attempts doubled every 2-3 hours over a recent 24-hour period.</li></ul><p>While Microsoft has rolled out emergency patches to address vulnerabilities on its Exchange server software, many systems remain unpatched. Attackers are now increasingly going after unpatched systems. A strain of ransomware called DearCry is being utilized by attackers to target unpatched on-premises Exchange servers (via <a href="https://www.zdnet.com/article/microsoft-watch-out-for-this-new-ransomware-threat-to-unpatched-exchange-email-servers/">ZDNet</a>).</p><p>Microsoft has detected and is now blocking the new family of ransomware, but it's still vital for organizations to patch their servers and take other security measures.</p><p>The Microsoft Security Intelligence Twitter account discussed the ransomware recently. A subsequent Tweet explains that Microsoft Defender customers utilizing automatic updates don't need to take any additional action.</p><div class="see-more see-more--clipped"><blockquote class="twitter-tweet hawk-ignore" data-lang="en"><p lang="en" dir="ltr">Microsoft Defender customers utilizing automatic updates do not need to take additional action to receive these protections. On-premises Exchange Server customers should prioritize the security updates outlined here: <a href="https://t.co/DL1XWnitYO">https://t.co/DL1XWnitYO</a>— Microsoft Security Intelligence (@MsftSecIntel) <a href="https://twitter.com/MsftSecIntel/status/1370236541268680710?ref_src=twsrc%5Etfw">March 12, 2021</a></p></blockquote><div class="see-more__filter"></div></div><p>According to <a href="https://blog.checkpoint.com/2021/03/11/exploits-on-organizations-worldwide/">Check Point Research</a> (CPR), threat actors are increasing their attacks on vulnerable servers. Over 24 hours, CPR saw exploitation attempts on organizations double every 2-3 hours.</p><p>CPR states in its blog:</p><div><blockquote><p>Since the recently disclosed vulnerabilities on Microsoft Exchange Servers, a full race has started amongst hackers and security professionals. Global experts are using massive preventative efforts to combat hackers who are working day-in and day-out to produce an exploit that can successfully leverage the remote code execution vulnerabilities in Microsoft Exchange.</p></blockquote></div><p>CPR explains that if an attacker manages to utilize unpatched vulnerabilities, they can obtain corporate emails and place damaging code within organizations.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Microsoft is a founding member of the Ransomware Task Force ]]></title>
                                                                                                                                                                                                <link>https://www.windowscentral.com/microsoft-founding-member-ransomware-task-force</link>
                                                                            <description>
                            <![CDATA[ Microsoft and 18 other organizations are the founding members of the Ransomware Task Force. The task force will work together to prevent ransomware attacks across a range of industries. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">ga84Z94jeXx3pi3wtsKRn2</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/H9bJAQgMq94TtQupZRfYPT-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 22 Dec 2020 14:33:15 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Microsoft]]></category>
                                                                                                <author><![CDATA[ sendicott47@outlook.com (Sean Endicott) ]]></author>                    <dc:creator><![CDATA[ Sean Endicott ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/i28CCSxviCkYQRHUMnfBye.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/H9bJAQgMq94TtQupZRfYPT-1280-80.jpg">
                                                            <media:credit><![CDATA[Daniel Rubino / Windows Central]]></media:credit>
                                                                                                                                                                        <media:description><![CDATA[Microsoft logo]]></media:description>                                                            <media:text><![CDATA[Microsoft logo]]></media:text>
                                <media:title type="plain"><![CDATA[Microsoft logo]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/H9bJAQgMq94TtQupZRfYPT-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <h2 id="what-you-need-to-know-10">What you need to know</h2><ul><li>Microsoft is among 19 organizations to found the Ransomware Task Force.</li><li>The Ransomware Task Force is made up of security firms, tech companies, and non-profits.</li><li>The goal is to create a standardized framework to deal with ransomware attacks.</li></ul><p>Microsoft, McAfee, and 17 other organizations have come together to form a Ransomware Task Force (RTF) (<a href="https://www.zdnet.com/article/microsoft-and-mcafee-headline-newly-formed-ransomware-task-force/">via ZDNet</a>). The new RTF is made up of security firms, tech companies, and non-profits with a shared goal of combatting ransomware. The group will work to assess current solutions that people and organizations can use to protect against ransomware attacks.</p><p>The RTF will look at existing solutions, find security gaps, and work on a roadmap to plan a defense against ransomware. The RTF will commission expert papers from a wide range of industries and work with stakeholders as well.</p><p>The RTF should yield a standardized framework for handling ransomware attacks. 
The framework would be based on the input of several organizations, rather than different groups attacking the problem individually.</p><p>The founding members of the RTF are:</p><ul><li>Aspen Digital</li><li>Citrix</li><li>The Cyber Threat Alliance</li><li>Cybereason</li><li>The CyberPeace Institute</li><li>The Cybersecurity Coalition</li><li>The Global Cyber Alliance</li><li>McAfee</li><li>Microsoft</li><li>Rapid7</li><li>Resilience</li><li>SecurityScorecard</li><li>Shadowserver Foundation</li><li>Stratigos Security</li><li>Team Cymru</li><li>Third Way</li><li>UT Austin Strauss Center</li><li>Venable LLP</li></ul><p>"Ransomware incidents have been growing unchecked, and this economically destructive cybercrime has increasingly led to dangerous, physical consequences," says the Institute for Security + Technology in a <a href="https://securityandtechnology.org/blog/ransomware-task-force/">blog post</a>. "This crime transcends sectors and requires bringing all affected stakeholders to the table to synthesize a clear framework of actionable solutions, which is why IST and our coalition of partners are launching this Task Force for a two-to-three month sprint."</p><p>The Ransomware Task Force website will launch in January 2021 and will include its full membership and leadership roles.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ How to enable Controlled folder access to protect data from ransomware on Windows 10 ]]></title>
                                                                                                                                                                                                <link>https://www.windowscentral.com/how-enable-controlled-folder-access-windows-10-fall-creators-update</link>
                                                                            <description>
                            <![CDATA[ On Windows 10, you can use these three ways to enable and configure 'Controlled folder access' on your device to protect your files and folders from malicious programs, such as ransomware. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">nhdYpspkP5HfAMaF3Q8id</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/RwRZhfyJbNDYUvRPA4XJU3-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 07 Aug 2020 11:00:00 +0000</pubDate>                                                                                                                                <updated>Tue, 01 Jul 2025 15:31:47 +0000</updated>
                                                                                                                                            <category><![CDATA[Windows Help]]></category>
                                                    <category><![CDATA[Microsoft]]></category>
                                                    <category><![CDATA[Windows]]></category>
                                                                                                <author><![CDATA[ mhuck@live.com (Mauro Huculak) ]]></author>                    <dc:creator><![CDATA[ Mauro Huculak ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/uFWXqRfVL72iJz8uyzRsrV.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Mauro Huculak has been a Windows How-To Expert contributor at WindowsCentral.com for over a decade, with more than 22 years of combined experience in IT and technical writing. He holds professional certifications from Microsoft (MCSA), Cisco (CCNP), VMware (VCP), and CompTIA (A+, Network+), and has been recognized as a long-time Microsoft MVP. Outside of tech, Mauro enjoys cycling, hiking, and discovering great food.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/RwRZhfyJbNDYUvRPA4XJU3-1280-80.jpg">
                                                            <media:credit><![CDATA[Windows Central]]></media:credit>
                                                                                                                                                                        <media:description><![CDATA[Manage Ransomware Protection option]]></media:description>                                                            <media:text><![CDATA[Manage Ransomware Protection option]]></media:text>
                                <media:title type="plain"><![CDATA[Manage Ransomware Protection option]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/RwRZhfyJbNDYUvRPA4XJU3-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>On <a href="https://www.windowscentral.com/windows-10">Windows 10</a>, <strong>"Controlled folder access"</strong> is an intrusion-prevention feature available with Microsoft Defender Exploit Guard, which is part of <a href="https://www.windowscentral.com/software-apps/windows-11/how-to-get-started-with-microsoft-defender-antivirus-on-windows-11">Microsoft Defender Antivirus</a>. It&apos;s been designed primarily to stop ransomware from encrypting and taking your data hostage, but it also protects files from unwanted changes by other malicious applications.</p><p>The anti-ransomware feature is optional on Windows 10. When enabled, it uses a mechanism to track the apps (executable files, scripts, and DLLs) that try to make changes to files in the protected folders. If the app is malicious or not recognized, the feature will block the attempt in real time, and you&apos;ll receive a notification of the suspicious activity.</p><p>If you want to safeguard your data with an extra layer of security, you can enable and customize Controlled folder access using the <a href="https://www.windowscentral.com/beginners-guide-windows-security-windows-10">Windows Security</a> app, Group Policy, or even PowerShell.</p><p>In this <a href="https://www.windowscentral.com/how-to">how-to guide</a>, I will walk you through the steps to enable the Controlled folder access feature on your device to prevent ransomware attacks.</p><h2 class="article-body__section" id="section-how-to-enable-ransomware-protection-from-windows-security"><span>How to enable ransomware protection from Windows Security</span></h2><p>To enable Controlled folder access on Windows 10, use these steps:</p><ol start="1"><li>Open <strong>Start</strong>.</li><li>Search for <strong>Windows Security</strong> and click the top result to open the app.</li><li>Click on <strong>Virus & threat protection</strong>.</li><li>Click the <strong>"Manage ransomware protection"</strong> option 
under the "Ransomware protection" section. </li></ol><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1111px;"><p class="vanilla-image-block" style="padding-top:73.27%;"><img id="zhhNif4yKWWztRNLask65K" name="manage-ransomeware-protection-windows-10.jpg" alt="Manage Ransomware Protection option" src="https://cdn.mos.cms.futurecdn.net/zhhNif4yKWWztRNLask65K.jpg" mos="https://cdn.mos.cms.futurecdn.net/awYQiSjKjXqswdj2oCdc36.jpg" align="middle" fullscreen="1" width="1111" height="814" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/zhhNif4yKWWztRNLask65K.jpg' target='_blank' class='expand-button icon-expand-image icon' ></a></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Mauro Huculak)</span></figcaption></figure><ol start="5"><li>Turn on the <strong>"Controlled folder access"</strong> toggle switch.</li></ol><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1111px;"><p class="vanilla-image-block" style="padding-top:73.27%;"><img id="dfedEpXYAMV754eH4WdMAQ" name="controllld-folder-access-enable.jpg" alt="Controlled folder access enable option" src="https://cdn.mos.cms.futurecdn.net/dfedEpXYAMV754eH4WdMAQ.jpg" mos="https://cdn.mos.cms.futurecdn.net/x5GcTPXDQrQA35n9S35Ggi.jpg" align="middle" fullscreen="1" width="1111" height="814" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/dfedEpXYAMV754eH4WdMAQ.jpg' target='_blank' class='expand-button icon-expand-image icon' ></a></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Mauro Huculak)</span></figcaption></figure><p>Once you complete the steps, Microsoft Defender Antivirus will 
start protecting your files and folders from unauthorized access by malicious programs like ransomware.</p><h2 id="view-block-history">View block history</h2><p>To view a list of blocked items by the anti-ransomware solution, use these steps:</p><ol start="1"><li>Open <strong>Start</strong>.</li><li>Search for <strong>Windows Security</strong> and click the top result to open the app.</li><li>Click on <strong>Virus & threat protection</strong>.</li><li>Click the <strong>Manage ransomware protection</strong> option under the "Ransomware protection" section.</li></ol><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1111px;"><p class="vanilla-image-block" style="padding-top:73.27%;"><img id="zhhNif4yKWWztRNLask65K" name="manage-ransomeware-protection-windows-10.jpg" alt="Manage Ransomware Protection option" src="https://cdn.mos.cms.futurecdn.net/zhhNif4yKWWztRNLask65K.jpg" mos="https://cdn.mos.cms.futurecdn.net/awYQiSjKjXqswdj2oCdc36.jpg" align="middle" fullscreen="1" width="1111" height="814" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/zhhNif4yKWWztRNLask65K.jpg' target='_blank' class='expand-button icon-expand-image icon' ></a></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Mauro Huculak)</span></figcaption></figure><ol start="5"><li>Click the <strong>Block history</strong> option.</li></ol><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1111px;"><p class="vanilla-image-block" style="padding-top:73.27%;"><img id="4Ae3BaFCHARNmSMCxt9NTa" name="controlled-folder-access-block-history.jpg" alt="Controlled folder access block history option" src="https://cdn.mos.cms.futurecdn.net/4Ae3BaFCHARNmSMCxt9NTa.jpg" 
mos="https://cdn.mos.cms.futurecdn.net/BfrhBCoPwYHeumatRTC8ZR.jpg" align="middle" fullscreen="1" width="1111" height="814" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/4Ae3BaFCHARNmSMCxt9NTa.jpg' target='_blank' class='expand-button icon-expand-image icon' ></a></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Mauro Huculak)</span></figcaption></figure><ol start="6"><li>Confirm the items that have been blocked.</li></ol><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1111px;"><p class="vanilla-image-block" style="padding-top:73.27%;"><img id="gxFUmbzBvwN4ZFkmhttWFi" name="controlled-folder-access-history.jpg" alt="Controlled folder access block history" src="https://cdn.mos.cms.futurecdn.net/gxFUmbzBvwN4ZFkmhttWFi.jpg" mos="https://cdn.mos.cms.futurecdn.net/xgDoyha6SRKYdCt4PUrzsE.jpg" align="middle" fullscreen="1" width="1111" height="814" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/gxFUmbzBvwN4ZFkmhttWFi.jpg' target='_blank' class='expand-button icon-expand-image icon' ></a></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Mauro Huculak)</span></figcaption></figure><p>This is the same protection history page that is available through the main page of Microsoft Defender Antivirus. However, accessing it from this area applies a filter to list only the history of "Controlled folder access."</p><h2 id="add-new-location-for-protection">Add new location for protection</h2><p>By default, the security feature protects the Documents, Pictures, Videos, Music, Desktop, and Favorites folders. 
Although it&apos;s not possible to modify the default list, if you have files in a different location, you can manually add other paths.</p><p>To add a new folder location for protection, use these steps:</p><ol start="1"><li>Open <strong>Start</strong>.</li><li>Search for <strong>Windows Security</strong> and click the top result to open the app.</li><li>Click on <strong>Virus & threat protection</strong>.</li><li>Click the <strong>"Manage ransomware protection"</strong> option under the "Ransomware protection" section.</li></ol><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1111px;"><p class="vanilla-image-block" style="padding-top:73.27%;"><img id="zhhNif4yKWWztRNLask65K" name="manage-ransomeware-protection-windows-10.jpg" alt="Manage Ransomware Protection option" src="https://cdn.mos.cms.futurecdn.net/zhhNif4yKWWztRNLask65K.jpg" mos="https://cdn.mos.cms.futurecdn.net/awYQiSjKjXqswdj2oCdc36.jpg" align="middle" fullscreen="1" width="1111" height="814" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/zhhNif4yKWWztRNLask65K.jpg' target='_blank' class='expand-button icon-expand-image icon' ></a></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Mauro Huculak)</span></figcaption></figure><ol start="5"><li>Click the <strong>Protected folders</strong> option.</li></ol><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1111px;"><p class="vanilla-image-block" style="padding-top:73.27%;"><img id="PCGwfDzuvJMA6bunVanS6C" name="controlled-folder-access-protected-folders.jpg" alt="Controlled folder access protected folders option" src="https://cdn.mos.cms.futurecdn.net/PCGwfDzuvJMA6bunVanS6C.jpg" mos="https://cdn.mos.cms.futurecdn.net/mnjP8C6LLau38ueNnBCXtd.jpg" 
align="middle" fullscreen="1" width="1111" height="814" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/PCGwfDzuvJMA6bunVanS6C.jpg' target='_blank' class='expand-button icon-expand-image icon' ></a></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Mauro Huculak)</span></figcaption></figure><ol start="6"><li>Click the <strong>"Add a protected folder"</strong> button.</li></ol><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1111px;"><p class="vanilla-image-block" style="padding-top:73.27%;"><img id="mDDdVpxKScRM7BidZ7xXPh" name="add-protected-folder-ransomware.jpg" alt="Add a protected folder" src="https://cdn.mos.cms.futurecdn.net/mDDdVpxKScRM7BidZ7xXPh.jpg" mos="https://cdn.mos.cms.futurecdn.net/ANtTrfCope6UNza9XmDNQ8.jpg" align="middle" fullscreen="1" width="1111" height="814" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/mDDdVpxKScRM7BidZ7xXPh.jpg' target='_blank' class='expand-button icon-expand-image icon' ></a></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Mauro Huculak)</span></figcaption></figure><ol start="7"><li>Select the new location.</li><li>Click the <strong>Select Folder</strong> button.</li></ol><p>After you complete the steps, the anti-ransomware feature will monitor and protect the new locations.</p><p>If the storage configuration changes, and you need to remove a location, you can follow the same instructions, but in <strong>step 5</strong>, select the location and click the <strong>"Remove"</strong> button.</p><h2 id="whitelist-apps-with-controlled-folder-access">Whitelist apps with Controlled folder access</h2><p>On Windows 10, Controlled folder access can detect the apps that can safely access 
your files, but if one of the apps you trust is blocked, you&apos;ll need to allow the app manually.</p><p>To whitelist an app with Controlled folder access, use these steps:</p><ol start="1"><li>Open <strong>Start</strong>.</li><li>Search for <strong>Windows Security</strong> and click the top result to open the app.</li><li>Click on <strong>Virus & threat protection</strong>.</li><li>Click the <strong>"Manage ransomware protection"</strong> option under the "Ransomware protection" section.</li></ol><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1111px;"><p class="vanilla-image-block" style="padding-top:73.27%;"><img id="zhhNif4yKWWztRNLask65K" name="manage-ransomeware-protection-windows-10.jpg" alt="Manage Ransomware Protection option" src="https://cdn.mos.cms.futurecdn.net/zhhNif4yKWWztRNLask65K.jpg" mos="https://cdn.mos.cms.futurecdn.net/awYQiSjKjXqswdj2oCdc36.jpg" align="middle" fullscreen="1" width="1111" height="814" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/zhhNif4yKWWztRNLask65K.jpg' target='_blank' class='expand-button icon-expand-image icon' ></a></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Mauro Huculak)</span></figcaption></figure><ol start="5"><li>Click the <strong>"Allow an app through Controlled folder access"</strong> option.</li></ol><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1111px;"><p class="vanilla-image-block" style="padding-top:73.27%;"><img id="f5umTaiLVABF3cZscjnUTn" name="allow-app-controlled-folder-access-option.jpg" alt="Allow an app through Controlled folder access option" src="https://cdn.mos.cms.futurecdn.net/f5umTaiLVABF3cZscjnUTn.jpg" 
mos="https://cdn.mos.cms.futurecdn.net/iSHcyneRfTUqWWQ3eu79rZ.jpg" align="middle" fullscreen="1" width="1111" height="814" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/f5umTaiLVABF3cZscjnUTn.jpg' target='_blank' class='expand-button icon-expand-image icon' ></a></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Mauro Huculak)</span></figcaption></figure><ol start="6"><li>Click the <strong>"Add an allowed app"</strong> button.</li><li>Select the <strong>"Recently blocked apps"</strong> option to whitelist an app you trust that has been flagged as malicious, or click the <strong>"Browse all apps"</strong> option.</li></ol><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1111px;"><p class="vanilla-image-block" style="padding-top:73.27%;"><img id="vk2Wa8nTPn7M8gkBNxFMo6" name="allow-app-controlled-folder-access.jpg" alt="Add an allowed app" src="https://cdn.mos.cms.futurecdn.net/vk2Wa8nTPn7M8gkBNxFMo6.jpg" mos="https://cdn.mos.cms.futurecdn.net/ipf53n7Ua8LsWfuJ7CtoRi.jpg" align="middle" fullscreen="1" width="1111" height="814" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/vk2Wa8nTPn7M8gkBNxFMo6.jpg' target='_blank' class='expand-button icon-expand-image icon' ></a></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Mauro Huculak)</span></figcaption></figure><ol start="8"><li>Select the app executable (for example, chrome.exe) you want to allow through this feature.</li><li>Click the <strong>Open</strong> button.</li></ol><p>Once you complete the steps, the app won&apos;t be blocked by the feature, and it&apos;ll be able to make changes to files.</p><h2 class="article-body__section" 
id="section-how-to-enable-ransomware-protection-from-group-policy"><span>How to enable ransomware protection from Group Policy</span></h2><p>To enable Windows 10&apos;s ransomware protection with Group Policy, use these steps:</p><ol start="1"><li>Open <strong>Start</strong>.</li><li>Search for <strong>gpedit</strong> and click the top result to open the <strong>Local Group Policy Editor</strong>.</li><li>Browse the following path: <em><strong>Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Microsoft Defender Exploit Guard > Controlled Folder Access</strong></em></li><li>Double-click the <strong>"Configure Controlled folder access"</strong> policy on the right side.</li></ol><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1113px;"><p class="vanilla-image-block" style="padding-top:73.32%;"><img id="CCrrPg9j7bdzUyo9U3cPoJ" name="configure-controlled-folder-access-policy.jpg" alt="Configure Controlled folder access policy" src="https://cdn.mos.cms.futurecdn.net/CCrrPg9j7bdzUyo9U3cPoJ.jpg" mos="https://cdn.mos.cms.futurecdn.net/k3Ac7nWoYh2QpDUh3RLFwi.jpg" align="middle" fullscreen="1" width="1113" height="816" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/CCrrPg9j7bdzUyo9U3cPoJ.jpg' target='_blank' class='expand-button icon-expand-image icon' ></a></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Mauro Huculak)</span></figcaption></figure><ol start="5"><li>Select the <strong>Enabled</strong> option.</li><li>Select the <strong>Block</strong> option under the "Options" section.</li></ol><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1113px;"><p class="vanilla-image-block" 
style="padding-top:73.32%;"><img id="sahy43dKn35vjdoijjQQFR" name="controlled-folder-access-enable-gepedit.jpg" alt="Controlled folder access enable gpedit option" src="https://cdn.mos.cms.futurecdn.net/sahy43dKn35vjdoijjQQFR.jpg" mos="https://cdn.mos.cms.futurecdn.net/SQXwZQEueDfT7SGyxjGQEQ.jpg" align="middle" fullscreen="1" width="1113" height="816" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/sahy43dKn35vjdoijjQQFR.jpg' target='_blank' class='expand-button icon-expand-image icon' ></a></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Mauro Huculak)</span></figcaption></figure><ol start="7"><li>Click the <strong>Apply</strong> button.</li><li>Click the <strong>OK</strong> button.</li></ol><p>After you complete the steps, Controlled folder access will start monitoring and protecting your files stored in the default system folders.</p><p>The only caveat of using this method is that any future configuration will have to be made through Group Policy. 
If you open Windows Security, you&apos;ll notice the <strong>"This setting is managed by your administrator"</strong> message, and the Controlled folder access option will appear grayed out.</p><p>You can revert the changes using the same instructions, but in <strong>step 5</strong>, select the <strong>"Not Configured"</strong> option.</p><h2 id="add-new-location-for-protection-2">Add new location for protection</h2><p>If you must protect data located in a different location, you can use the "Configure protected folders" policy to add the new folder.</p><p>To include a new location for protection with Controlled folder access, use these steps:</p><ol start="1"><li>Open <strong>Start</strong>.</li><li>Search for <strong>gpedit</strong> and click the top result to open the <strong>Local Group Policy Editor</strong>.</li><li>Browse the following path: <em><strong>Computer Configuration > Administrative Templates > Windows Components > Microsoft Defender Antivirus > Microsoft Defender Exploit Guard > Controlled Folder Access</strong></em></li><li>Double-click the <strong>"Configure protected folders"</strong> policy on the right side.</li></ol><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1113px;"><p class="vanilla-image-block" style="padding-top:73.32%;"><img id="7GBTaPbaGiSEAby4S9EhXb" name="configure-protected-folders-policy.jpg" alt="Configure Controlled Folder Access policy" src="https://cdn.mos.cms.futurecdn.net/7GBTaPbaGiSEAby4S9EhXb.jpg" mos="https://cdn.mos.cms.futurecdn.net/Y93F4QuD47vfc5ib2JgfeM.jpg" align="middle" fullscreen="1" width="1113" height="816" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/7GBTaPbaGiSEAby4S9EhXb.jpg' target='_blank' class='expand-button icon-expand-image icon' ></a></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image 
credit: Mauro Huculak)</span></figcaption></figure><ol start="5"><li>Select the <strong>Enabled</strong> option.</li><li>Click the <strong>Show</strong> button under the "Options" section.</li></ol><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1113px;"><p class="vanilla-image-block" style="padding-top:73.32%;"><img id="sszfXW4qwea3f6PxFPoMx4" name="gpedit-controlled-folder-access-enabled-protected-folder.jpg" alt="Controlled folder access enable protected folder" src="https://cdn.mos.cms.futurecdn.net/sszfXW4qwea3f6PxFPoMx4.jpg" mos="https://cdn.mos.cms.futurecdn.net/4zMUgGLqRT3znrzxkFboU3.jpg" align="middle" fullscreen="1" width="1113" height="816" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/sszfXW4qwea3f6PxFPoMx4.jpg' target='_blank' class='expand-button icon-expand-image icon' ></a></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Mauro Huculak)</span></figcaption></figure><ol start="7"><li>Specify the locations you want to protect by entering the path of the folder in the "Value name" field and adding <strong>0</strong> in the "Value" field. 
This example adds the "MyData" folder in the "F" drive for protection: <code><em><strong>F:\MyData</strong></em></code></li></ol><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1113px;"><p class="vanilla-image-block" style="padding-top:73.32%;"><img id="p3k6vVTCg3ya86npodMLmE" name="controlled-folder-access-add-new-folder-gpedit.jpg" alt="Controlled folder access add new folder gpedit" src="https://cdn.mos.cms.futurecdn.net/p3k6vVTCg3ya86npodMLmE.jpg" mos="https://cdn.mos.cms.futurecdn.net/L6GA2egTwiqU2iWpAfuXo7.jpg" align="middle" fullscreen="1" width="1113" height="816" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/p3k6vVTCg3ya86npodMLmE.jpg' target='_blank' class='expand-button icon-expand-image icon' ></a></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Mauro Huculak)</span></figcaption></figure><ol start="8"><li>Repeat <strong>step 7</strong> to add more locations.</li><li>Click the <strong>OK</strong> button.</li><li>Click the <strong>Apply</strong> button.</li><li>Click the <strong>OK</strong> button.</li></ol><p>Once you complete the steps, the new folder will be added to the protection list for controlled folder access.</p><p>To revert the changes, use the same instructions, but in <strong>step 5</strong>, select the <strong>"Not Configured"</strong> option.</p><h2 id="whitelist-apps-with-controlled-folder-access-2">Whitelist apps with Controlled folder access</h2><p>To whitelist an app through the anti-ransomware feature on Windows 10, use these steps:</p><ol start="1"><li>Open <strong>Start</strong>.</li><li>Search for <strong>gpedit</strong> and click the top result to open the <strong>Local Group Policy Editor</strong>.</li><li>Browse the following path: <em><strong>Computer Configuration > Administrative Templates > Windows 
Components > Microsoft Defender Antivirus > Microsoft Defender Exploit Guard > Controlled Folder Access</strong></em></li><li>Double-click the <strong>"Configure allowed applications"</strong> policy on the right side.</li></ol><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1113px;"><p class="vanilla-image-block" style="padding-top:73.32%;"><img id="BUFnU2z9UYN6NiZEW38AVM" name="gpedit-configure-allow-app.jpg" alt="Configure allowed applications policy" src="https://cdn.mos.cms.futurecdn.net/BUFnU2z9UYN6NiZEW38AVM.jpg" mos="https://cdn.mos.cms.futurecdn.net/QWWKCcagq9dWWQCbLs8Ge.jpg" align="middle" fullscreen="1" width="1113" height="816" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/BUFnU2z9UYN6NiZEW38AVM.jpg' target='_blank' class='expand-button icon-expand-image icon' ></a></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Mauro Huculak)</span></figcaption></figure><ol start="5"><li>Select the <strong>Enabled</strong> option.</li><li>Click the <strong>Show</strong> button under the "Options" section.</li></ol><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1113px;"><p class="vanilla-image-block" style="padding-top:73.32%;"><img id="dqP8mcJu5LE7RxduktfaLU" name="configure-allowed-app-enable-option.jpg" alt="Configure allowed applications enable option" src="https://cdn.mos.cms.futurecdn.net/dqP8mcJu5LE7RxduktfaLU.jpg" mos="https://cdn.mos.cms.futurecdn.net/Rc2hdEkJSz2KpbSK45ykeN.jpg" align="middle" fullscreen="1" width="1113" height="816" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/dqP8mcJu5LE7RxduktfaLU.jpg' target='_blank' class='expand-button icon-expand-image icon' 
></a></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Mauro Huculak)</span></figcaption></figure><ol start="7"><li>Specify the location of the .exe file for the app (such as <code><em><strong>C:\path\to\app\app.exe</strong></em></code>) you want to allow in the<strong> "Value name"</strong> field and add <strong>0</strong> in the <strong>"Value" </strong>field. This example allows the Chrome app when Controlled folder access is enabled: <em><strong>C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</strong></em></li></ol><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1113px;"><p class="vanilla-image-block" style="padding-top:73.32%;"><img id="ZwEFYJFe4iwbbjXxtZdRUb" name="allow-app-controlled-folder-acccess-setting.jpg" alt="Allow app through Controlled folder access option" src="https://cdn.mos.cms.futurecdn.net/ZwEFYJFe4iwbbjXxtZdRUb.jpg" mos="https://cdn.mos.cms.futurecdn.net/j4MQKqfnidTn4hTkiqybg7.jpg" align="middle" fullscreen="1" width="1113" height="816" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/ZwEFYJFe4iwbbjXxtZdRUb.jpg' target='_blank' class='expand-button icon-expand-image icon' ></a></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Mauro Huculak)</span></figcaption></figure><ol start="8"><li>Repeat <strong>step 7</strong> to add more locations.</li><li>Click the <strong>OK</strong> button.</li><li>Click the <strong>Apply</strong> button.</li><li>Click the <strong>OK</strong> button.</li></ol><p>After you complete the steps, the app won&apos;t be blocked, and it&apos;ll be able to make changes to protected files and folders.</p><h2 class="article-body__section" id="section-how-to-enable-ransomware-protection-using-powershell"><span>How to 
enable ransomware protection using PowerShell</span></h2><p>Alternatively, you can enable and configure Controlled folder access using PowerShell commands.</p><p>To enable Controlled folder access with PowerShell, use these steps:</p><ol start="1"><li>Open <strong>Start</strong>.</li><li>Search for <strong>PowerShell</strong>, right-click the top result, and click the <strong>Run as administrator</strong> option.</li><li>Type the following command to enable the feature and press <strong>Enter</strong>: <strong>Set-MpPreference -EnableControlledFolderAccess Enabled</strong></li></ol><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1113px;"><p class="vanilla-image-block" style="padding-top:73.32%;"><img id="e3GMVnCBPFExwgHN5wzEtT" name="powershell-enable-controlled-folder-access.jpg" alt="Controlled folder access enable via PowerShell" src="https://cdn.mos.cms.futurecdn.net/e3GMVnCBPFExwgHN5wzEtT.jpg" mos="https://cdn.mos.cms.futurecdn.net/ZRdezAtfPVnRwS8yD6XmJg.jpg" align="middle" fullscreen="1" width="1113" height="816" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/e3GMVnCBPFExwgHN5wzEtT.jpg' target='_blank' class='expand-button icon-expand-image icon' ></a></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Mauro Huculak)</span></figcaption></figure><ol start="4"><li>(Optional) Type the following command to disable the security feature and press <strong>Enter</strong>: <em><strong>Set-MpPreference -EnableControlledFolderAccess Disabled</strong></em></li></ol><p>Once you complete the steps, Controlled folder access will be enabled on your computer to protect files and folders from ransomware attacks.</p><h2 id="add-new-location-for-protection-3">Add new location for protection</h2><p>To allow Controlled folder access to protect an additional 
folder, use these steps:</p><ol start="1"><li>Open <strong>Start</strong>.</li><li>Search for <strong>PowerShell</strong>, right-click the top result, and click the <strong>Run as administrator</strong> option.</li><li>Type the following command to add a new location and press <strong>Enter</strong>: <em><strong>Add-MpPreference -ControlledFolderAccessProtectedFolders "F:\folder\path\to\add"</strong></em></li></ol><p>In the command, make sure to change the path to the folder you want to protect. For example, this command adds the "MyData" folder in the "F" drive to the list of protected folders: <em><strong>Add-MpPreference -ControlledFolderAccessProtectedFolders "F:\MyData"</strong></em></p><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1113px;"><p class="vanilla-image-block" style="padding-top:73.32%;"><img id="3M8GnFjAK7LS8aTnTBnGba" name="controlled-folder-access-add-folder-powershell.jpg" alt="Controlled folder access add folder via PowerShell" src="https://cdn.mos.cms.futurecdn.net/3M8GnFjAK7LS8aTnTBnGba.jpg" mos="https://cdn.mos.cms.futurecdn.net/Kw2iUrt2fNA6sUGLjbKZYK.jpg" align="middle" fullscreen="1" width="1113" height="816" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/3M8GnFjAK7LS8aTnTBnGba.jpg' target='_blank' class='expand-button icon-expand-image icon' ></a></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Mauro Huculak)</span></figcaption></figure><ol start="4"><li>(Optional) Type the following command to remove a folder and press <strong>Enter</strong>: <strong>Remove-MpPreference -ControlledFolderAccessProtectedFolders "F:\folder\path\to\remove"</strong></li></ol><p>After you complete the steps, the anti-ransomware feature will protect the contents inside the new location.</p><h2 
id="whitelist-apps-with-controlled-folder-access-3">Whitelist apps with Controlled folder access</h2><p>To allow an app in Controlled folder access with PowerShell, use these steps:</p><ol start="1"><li>Open <strong>Start</strong>.</li><li>Search for <strong>PowerShell</strong>, right-click the top result, and click the <strong>Run as administrator</strong> option.</li><li>Type the following command to allow an app and press <strong>Enter</strong>: <em><strong>Add-MpPreference -ControlledFolderAccessAllowedApplications "F:\path\to\app\app.exe"</strong></em></li></ol><p>In the command, make sure to change the path for the location and executable of the app you want to allow. For example, this command adds Chrome to the list of allowed apps: <em><strong>Add-MpPreference -ControlledFolderAccessAllowedApplications "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"</strong></em></p><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1113px;"><p class="vanilla-image-block" style="padding-top:73.32%;"><img id="w44pUbtVQoKYNgYZ7QWstg" name="controlled-folder-access-whitelist-powershell.jpg" alt="Controlled folder access whitelist app via PowerShell" src="https://cdn.mos.cms.futurecdn.net/w44pUbtVQoKYNgYZ7QWstg.jpg" mos="https://cdn.mos.cms.futurecdn.net/m8F7484J4Cc98tZrg9CRRJ.jpg" align="middle" fullscreen="1" width="1113" height="816" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/w44pUbtVQoKYNgYZ7QWstg.jpg' target='_blank' class='expand-button icon-expand-image icon' ></a></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Mauro Huculak)</span></figcaption></figure><ol start="4"><li>(Optional) Type the following command to remove an app and press <strong>Enter</strong>: <strong>Remove-MpPreference -ControlledFolderAccessAllowedApplications 
"F:\path\to\app\app.exe"</strong></li></ol><p>Once you complete the steps, the app will be allowed to run and make changes to your files when the feature is enabled.</p><p>Controlled folder access is one of the intrusion-prevention features of the Microsoft Defender Exploit Guard, which is part of the Microsoft Defender Antivirus. This means that the security feature won&apos;t be available if you use a third-party antivirus.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ How to protect your PC from CryptoLocker and ransomware attacks ]]></title>
                                                                                                                                                                                                <link>https://www.windowscentral.com/how-protect-your-pc-cryptolocker-and-ransomware-attacks</link>
                                                                            <description>
                            <![CDATA[ Most antivirus programs have tools specifically designed to secure your computer from ransomware, including the notorious CryptoLocker. Kaspersky Total Security is especially good at fighting against malware. Here's how. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">k2Rua9r3oziG36mfB8ubxR</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/XrwWQAeTVPFNRQq4zgqiji-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 07 Apr 2020 18:00:02 +0000</pubDate>                                                                                                                                <updated>Thu, 09 Apr 2020 13:32:57 +0000</updated>
                                                                                                                                            <category><![CDATA[Hardware]]></category>
                                                                                                                    <dc:creator><![CDATA[ Nicole Johnston ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/pYgg7ft37eNbk7TLEHeW4B.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/XrwWQAeTVPFNRQq4zgqiji-1280-80.jpg">
                                                            <media:credit><![CDATA[Nicole Johnston/Windows Central]]></media:credit>
                                                                                                                                                                        <media:description><![CDATA[Kaspersky Backup And Restore]]></media:description>                                                            <media:text><![CDATA[Kaspersky Backup And Restore]]></media:text>
                                <media:title type="plain"><![CDATA[Kaspersky Backup And Restore]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/XrwWQAeTVPFNRQq4zgqiji-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The CryptoLocker malware is both a Trojan and ransomware. It first enters your system disguised as a legitimate file, then opens the door for the ransomware that locks down important documents and programs until you pay a fee. Installing Kaspersky Total Security is a good way to protect your PC from this and many other threats. Here are some of the tools specifically designed to protect against ransomware, including CryptoLocker, and how to enable them within Kaspersky Total Security.</p><h2 id="products-used-in-this-guide">Products used in this guide</h2><ul><li>The best ransomware protection: <a href="https://www.kqzyfj.com/click-100048247-10998141?sid=UUwpUdUnU76101&url=https%3A%2F%2Fusa.kaspersky.com%2Ftotal-security" title="" rel="nofollow" target="_blank">Kaspersky Total Security</a> ($50 at Kaspersky)</li></ul><h2 id="how-to-enable-kaspersky-browser-extensions">How to enable Kaspersky browser extensions</h2><p>Most malware is either sent as an attachment to email messages or disguised as a legitimate file, like a video player, on a website that looks legitimate. Kaspersky's browser extension recognizes the majority of infected files and stops the download process before the threat has a chance to escape. It also blocks websites that are known to harbor malware files or are phishing schemes and marks safe websites in listed search results.</p><p>Here's how to enable Kaspersky safe browsing extensions.</p><ol start="1"><li>In the web browser of your choice, <strong>open the menu</strong> by clicking the three dots located at the top right-hand side of the view window.</li><li>In the Chrome web browser, selecting <strong>More tools</strong> opens a second menu.</li><li>Next <strong>select Extensions</strong>. (In Firefox, <strong>select Add-Ons</strong>. 
Or <strong>Select Extensions</strong> from the main Edge menu.)</li></ol><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="SQ59mz92HL5jaDe4d4kjF" name="" alt="Chrome Menu Extentions Edited" src="https://cdn.mos.cms.futurecdn.net/SQ59mz92HL5jaDe4d4kjF.jpg" mos="https://cdn.mos.cms.futurecdn.net/SQ59mz92HL5jaDe4d4kjF.jpg" align="middle" fullscreen="1" width="" height="" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/SQ59mz92HL5jaDe4d4kjF.jpg' target='_blank' class='expand-button icon-expand-image icon' ></a></p></div></div><figcaption itemprop="caption description" class=""><span class="caption-text">Source: Nicole Johnston/Windows Central </span><span class="credit" itemprop="copyrightHolder">(Image credit: Source: Nicole Johnston/Windows Central)</span></figcaption></figure><ol start="4"><li>Your browser will list all extensions installed whether they are active or not. 
Find the Kaspersky Protection extension and <strong>click to enable</strong> it.</li></ol><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="VtpsSX4Ycapu5DckPczzoP" name="" alt="Kaspersky Browser Extension Enable Edited" src="https://cdn.mos.cms.futurecdn.net/VtpsSX4Ycapu5DckPczzoP.jpg" mos="https://cdn.mos.cms.futurecdn.net/VtpsSX4Ycapu5DckPczzoP.jpg" align="middle" fullscreen="1" width="" height="" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/VtpsSX4Ycapu5DckPczzoP.jpg' target='_blank' class='expand-button icon-expand-image icon' ></a></p></div></div><figcaption itemprop="caption description" class=""><span class="caption-text">Source: Nicole Johnston/Windows Central </span><span class="credit" itemprop="copyrightHolder">(Image credit: Source: Nicole Johnston/Windows Central)</span></figcaption></figure><p>Once activated, Kaspersky's browser extension will block phishing schemes and websites known to harbor malicious downloads, stop malware files from downloading to your computer and mark search results as safe to click on or not.</p><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="iTVzBhfT8ZZJmWBHubf4ca" name="" alt="Kaspersky Browser Extension Block Site Edited" src="https://cdn.mos.cms.futurecdn.net/iTVzBhfT8ZZJmWBHubf4ca.jpg" mos="https://cdn.mos.cms.futurecdn.net/iTVzBhfT8ZZJmWBHubf4ca.jpg" align="middle" fullscreen="1" width="" height="" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/iTVzBhfT8ZZJmWBHubf4ca.jpg' target='_blank' class='expand-button icon-expand-image icon' ></a></p></div></div><figcaption itemprop="caption description" class=""><span 
class="caption-text">Source: Nicole Johnston/Windows Central </span><span class="credit" itemprop="copyrightHolder">(Image credit: Source: Nicole Johnston/Windows Central)</span></figcaption></figure><h2 id="how-to-use-kaspersky-39-s-vulnerability-scanner">How to use Kaspersky's vulnerability scanner</h2><p>Vulnerability scanners help identify and fix weak points in your computer, including corrupted drivers and outdated software. These are the easiest places for malware, including ransomware, to break into your network and attack your files. Here's how to find and use Kaspersky's vulnerability scanner.</p><ol start="1"><li><strong>Click More Tools</strong>, located at the bottom of the Kaspersky dashboard.</li><li>On the left side of the view screen, <strong>select Manage applications</strong>. (It is the third file listed.)</li><li>Then <strong>click Vulnerability Scan</strong> in the main view.</li></ol><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="iQkSUxntmrTZB5U6fzPUDk" name="" alt="Kaspersky Vulnerability Scan Edited" src="https://cdn.mos.cms.futurecdn.net/iQkSUxntmrTZB5U6fzPUDk.jpg" mos="https://cdn.mos.cms.futurecdn.net/iQkSUxntmrTZB5U6fzPUDk.jpg" align="middle" fullscreen="1" width="" height="" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/iQkSUxntmrTZB5U6fzPUDk.jpg' target='_blank' class='expand-button icon-expand-image icon' ></a></p></div></div><figcaption itemprop="caption description" class=""><span class="caption-text">Source: Nicole Johnston/Windows Central </span><span class="credit" itemprop="copyrightHolder">(Image credit: Source: Nicole Johnston/Windows Central)</span></figcaption></figure><ol start="4"><li>On the next screen, <strong>click the Start scan</strong> button.</li></ol><figure class="van-image-figure " data-bordeaux-image-check ><div 
class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="dB3P66vGdnpvPPrvoBsUNF" name="" alt="Kaspersky Vulnerability Scan Start Edited" src="https://cdn.mos.cms.futurecdn.net/dB3P66vGdnpvPPrvoBsUNF.jpg" mos="https://cdn.mos.cms.futurecdn.net/dB3P66vGdnpvPPrvoBsUNF.jpg" align="middle" fullscreen="1" width="" height="" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/dB3P66vGdnpvPPrvoBsUNF.jpg' target='_blank' class='expand-button icon-expand-image icon' ></a></p></div></div><figcaption itemprop="caption description" class=""><span class="caption-text">Source: Nicole Johnston/Windows Central </span><span class="credit" itemprop="copyrightHolder">(Image credit: Source: Nicole Johnston/Windows Central)</span></figcaption></figure><ol start="5"><li>When the scan is complete, Kaspersky will break down where all the vulnerabilities are and details on how to fix them. (You can opt to fix them yourself, or ask Kaspersky to do it for you.)</li></ol><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="sqzCakGsNbF8fsnNkscjVN" name="" alt="Kaspersky Vulnerability Scan Fixes Edited" src="https://cdn.mos.cms.futurecdn.net/sqzCakGsNbF8fsnNkscjVN.jpg" mos="https://cdn.mos.cms.futurecdn.net/sqzCakGsNbF8fsnNkscjVN.jpg" align="middle" fullscreen="1" width="" height="" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/sqzCakGsNbF8fsnNkscjVN.jpg' target='_blank' class='expand-button icon-expand-image icon' ></a></p></div></div><figcaption itemprop="caption description" class=""><span class="caption-text">Source: Nicole Johnston/Windows Central </span><span class="credit" itemprop="copyrightHolder">(Image credit: Source: Nicole Johnston/Windows Central)</span></figcaption></figure><h2 
id="how-to-use-kaspersky-to-create-and-save-backup-files">How to use Kaspersky to create and save backup files</h2><p>Kaspersky Total Security helps create backup files. If your computer is ever infected with malware, including ransomware, you can scrub and reset your system, then restore your computer from the backup files. Kaspersky doesn't have an online storage facility itself, but it will automatically create and store backup files to any online storage site, such as Dropbox. You do need to create an online storage account first.</p><p>Here's how to create backup files.</p><ol start="1"><li><strong>Click Backup and Restore</strong> from the dashboard.</li><li>Then <strong>Select files for backup</strong>.</li></ol><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="R3BZ7ebQBYEKDGpAnbFmrG" name="" alt="Kaspersky Backup And Restore" src="https://cdn.mos.cms.futurecdn.net/R3BZ7ebQBYEKDGpAnbFmrG.jpg" mos="https://cdn.mos.cms.futurecdn.net/R3BZ7ebQBYEKDGpAnbFmrG.jpg" align="middle" fullscreen="1" width="" height="" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/R3BZ7ebQBYEKDGpAnbFmrG.jpg' target='_blank' class='expand-button icon-expand-image icon' ></a></p></div></div><figcaption itemprop="caption description" class=""><span class="caption-text">Source: Nicole Johnston/Windows Central </span><span class="credit" itemprop="copyrightHolder">(Image credit: Source: Nicole Johnston/Windows Central)</span></figcaption></figure><ol start="3"><li><strong>Choose which files to back up</strong>. Kaspersky makes it easy to select all files or specific types of files to back up. 
You do have the option to select files individually.</li><li>Once you've determined which files to back up, <strong>click next</strong>.</li></ol><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="t3TrRV4i4LmZkuTwPtqUrW" name="" alt="Kaspersky Backup File Select" src="https://cdn.mos.cms.futurecdn.net/t3TrRV4i4LmZkuTwPtqUrW.jpg" mos="https://cdn.mos.cms.futurecdn.net/t3TrRV4i4LmZkuTwPtqUrW.jpg" align="middle" fullscreen="1" width="" height="" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/t3TrRV4i4LmZkuTwPtqUrW.jpg' target='_blank' class='expand-button icon-expand-image icon' ></a></p></div></div><figcaption itemprop="caption description" class=""><span class="caption-text">Source: Nicole Johnston/Windows Central </span><span class="credit" itemprop="copyrightHolder">(Image credit: Source: Nicole Johnston/Windows Central)</span></figcaption></figure><ol start="5"><li><strong>Choose where to save your files</strong>. 
You can choose to upload them to an online storage account, a thumb drive or locally to your desktop.</li><li><strong>Click Next</strong>.</li></ol><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="aph93Q78it8xMZ7BdfL9nG" name="" alt="Kaspersky Backup File Save" src="https://cdn.mos.cms.futurecdn.net/aph93Q78it8xMZ7BdfL9nG.jpg" mos="https://cdn.mos.cms.futurecdn.net/aph93Q78it8xMZ7BdfL9nG.jpg" align="middle" fullscreen="1" width="" height="" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/aph93Q78it8xMZ7BdfL9nG.jpg' target='_blank' class='expand-button icon-expand-image icon' ></a></p></div></div><figcaption itemprop="caption description" class=""><span class="caption-text">Source: Nicole Johnston/Windows Central </span><span class="credit" itemprop="copyrightHolder">(Image credit: Source: Nicole Johnston/Windows Central)</span></figcaption></figure><ol start="7"><li><strong>Set how often Kaspersky should back up</strong> and save your files. 
You can choose to have this done daily, weekly, monthly, or manually.</li></ol><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="3jXjNnfn6v5K9mvkGyTRNF" name="" alt="Kaspersky Backup Schedule" src="https://cdn.mos.cms.futurecdn.net/3jXjNnfn6v5K9mvkGyTRNF.jpg" mos="https://cdn.mos.cms.futurecdn.net/3jXjNnfn6v5K9mvkGyTRNF.jpg" align="middle" fullscreen="1" width="" height="" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/3jXjNnfn6v5K9mvkGyTRNF.jpg' target='_blank' class='expand-button icon-expand-image icon' ></a></p></div></div><figcaption itemprop="caption description" class=""><span class="caption-text">Source: Nicole Johnston/Windows Central </span><span class="credit" itemprop="copyrightHolder">(Image credit: Source: Nicole Johnston/Windows Central)</span></figcaption></figure><ol start="8"><li>The final step is to <strong>name your files</strong> before saving them.</li></ol><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="frM7vmbukXs4PtKhJL7evE" name="" alt="Kaspersky Backup Files Named" src="https://cdn.mos.cms.futurecdn.net/frM7vmbukXs4PtKhJL7evE.jpg" mos="https://cdn.mos.cms.futurecdn.net/frM7vmbukXs4PtKhJL7evE.jpg" align="middle" fullscreen="1" width="" height="" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/frM7vmbukXs4PtKhJL7evE.jpg' target='_blank' class='expand-button icon-expand-image icon' ></a></p></div></div><figcaption itemprop="caption description" class=""><span class="caption-text">Source: Nicole Johnston/Windows Central </span><span class="credit" itemprop="copyrightHolder">(Image credit: Source: Nicole Johnston/Windows 
Central)</span></figcaption></figure><p>If you don't have an online storage account, you can back up your files and store them locally on your desktop. You then can encrypt the files and store them in a secured vault that is only accessible with a passcode.</p><h2 id="how-to-encrypt-and-secure-files-using-kaspersky">How to encrypt and secure files using Kaspersky</h2><p>For important files, you can encrypt them and save them in a Kaspersky vault that can only be accessed with a password you set up. If your computer is infected with ransomware, including CryptoLocker, you can remove the threat and still access those files within the vault. It is secure enough that ransomware cannot penetrate it, and if it were to gain access, it wouldn't recognize your files because of the encryption.</p><p>Here's how to set up your Kaspersky vault.</p><ol start="1"><li><strong>Click More Tools</strong>, located at the bottom of the Kaspersky dashboard.</li><li>On the left side of the view screen, <strong>select Data Protection</strong>. 
(It is the fourth file listed.)</li><li>Then <strong>choose Data Encryption</strong>.</li></ol><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="Mrmoh9S3pEFkCYPKo2cZ4Y" name="" alt="Kaspersky Data Protection Edited" src="https://cdn.mos.cms.futurecdn.net/Mrmoh9S3pEFkCYPKo2cZ4Y.jpg" mos="https://cdn.mos.cms.futurecdn.net/Mrmoh9S3pEFkCYPKo2cZ4Y.jpg" align="middle" fullscreen="1" width="" height="" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/Mrmoh9S3pEFkCYPKo2cZ4Y.jpg' target='_blank' class='expand-button icon-expand-image icon' ></a></p></div></div><figcaption itemprop="caption description" class=""><span class="caption-text">Source: Nicole Johnston/Windows Central </span><span class="credit" itemprop="copyrightHolder">(Image credit: Source: Nicole Johnston/Windows Central)</span></figcaption></figure><ol start="4"><li>After choosing <strong>Create a new data vault</strong>, Kaspersky will walk you through the steps of adding files to encrypt and setting up a password.</li></ol><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="aPGU4iFWp9bNQDiFSiJL23" name="" alt="Kaspersky Create Vault Edited" src="https://cdn.mos.cms.futurecdn.net/aPGU4iFWp9bNQDiFSiJL23.jpg" mos="https://cdn.mos.cms.futurecdn.net/aPGU4iFWp9bNQDiFSiJL23.jpg" align="middle" fullscreen="1" width="" height="" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/aPGU4iFWp9bNQDiFSiJL23.jpg' target='_blank' class='expand-button icon-expand-image icon' ></a></p></div></div><figcaption itemprop="caption description" class=""><span class="caption-text">Source: Nicole Johnston/Windows Central </span><span class="credit" 
itemprop="copyrightHolder">(Image credit: Source: Nicole Johnston/Windows Central)</span></figcaption></figure><ol start="5"><li>You can <strong>add files</strong> to be encrypted and added to your vault by either <strong>clicking the Add</strong> button at the bottom, or simply <strong>dragging and dropping files</strong> into the vault.</li></ol><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="sWidsYMVjTzJt82gwqhnkP" name="" alt="Kaspersky Add Encryption To Vault Edited" src="https://cdn.mos.cms.futurecdn.net/sWidsYMVjTzJt82gwqhnkP.jpg" mos="https://cdn.mos.cms.futurecdn.net/sWidsYMVjTzJt82gwqhnkP.jpg" align="middle" fullscreen="1" width="" height="" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/sWidsYMVjTzJt82gwqhnkP.jpg' target='_blank' class='expand-button icon-expand-image icon' ></a></p></div></div><figcaption itemprop="caption description" class=""><span class="caption-text">Source: Nicole Johnston/Windows Central </span><span class="credit" itemprop="copyrightHolder">(Image credit: Source: Nicole Johnston/Windows Central)</span></figcaption></figure><ol start="6"><li>Once you've added your files, <strong>click Done</strong>.</li><li>You will be prompted to <strong>create a password</strong>. Kaspersky requires passwords to have a minimum of eight characters, have both an upper- and lower-case letter, a number and a special character. 
Make sure you remember your password because there is no way to reset or recover it if lost or forgotten.</li></ol><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="xMG6f6iQ8Wbv75MFvSg4Nn" name="" alt="Kaspersky Vault Password Edited" src="https://cdn.mos.cms.futurecdn.net/xMG6f6iQ8Wbv75MFvSg4Nn.jpg" mos="https://cdn.mos.cms.futurecdn.net/xMG6f6iQ8Wbv75MFvSg4Nn.jpg" align="middle" fullscreen="1" width="" height="" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/xMG6f6iQ8Wbv75MFvSg4Nn.jpg' target='_blank' class='expand-button icon-expand-image icon' ></a></p></div></div><figcaption itemprop="caption description" class=""><span class="caption-text">Source: Nicole Johnston/Windows Central </span><span class="credit" itemprop="copyrightHolder">(Image credit: Source: Nicole Johnston/Windows Central)</span></figcaption></figure><h2 id="my-recommendation-for-ransomware-protection">My recommendation for ransomware protection</h2><p>There are proactive steps you can take to help reduce the risk of becoming infected with malware, including being cautious of email attachments and downloadable files. The best protection is installing a reputable antivirus program that scores high for threat blocking and includes additional security tools. I recommend Kaspersky Total Protection because it has everything you need, plus excellent overall protection from other malware threats. 
Though Kaspersky Internet Security has a good level of protection, too, some of the tools, such as encryption and backup abilities, aren't included.</p>        <div class="featured_product_block featured_block_horizontal" data-id="68bbc9c6-f7ae-491e-8902-7f774a7fbd23">            <a href="https://www.kqzyfj.com/click-100048247-10998141?sid=UUwpUdUnU76101&url=https%3A%2F%2Fusa.kaspersky.com%2Ftotal-security" data-model-name="Kaspersky Total Security" data-model-brand="" ><div class='product-image-widthsetter'><p class='vanilla-image-block' data-bordeaux-image-check style='padding-top:56.25%';><img style="width: 100%" class="featured_image" src="https://cdn.mos.cms.futurecdn.net/KNAoLYH7Bz76oX33c7unr6.png" alt="Kaspersky Total Security 2019 Boxshot"></p></div></a>            <div class="featured_product_details_wrapper">                <div class="featured_product_title_wrapper">                    <span class='featured__label horizontal__label'>Complete Protection</span>                                                            <div class="featured__title">Kaspersky Total Security</div>                                    </div>                <div class="subtitle__description">                                                            <p><p><strong><em>The top security choice</em></strong><br/></p><p>This is the most comprehensive protection program offered by Kaspersky. 
It includes parental controls and safe money features and is excellent at protecting against ransomware.</p></p>                </div>                            </div>        </div>        <div class="featured_product_block featured_block_horizontal" data-id="c4ccdc8c-a310-4e3d-80a5-5733e6f2f422">            <a href="https://www.kqzyfj.com/click-100048247-10998141?sid=UUwpUdUnU76101&url=https%3A%2F%2Fusa.kaspersky.com%2Finternet-security" data-model-name="Kaspersky Internet Security" data-model-brand="" ><div class='product-image-widthsetter'><p class='vanilla-image-block' data-bordeaux-image-check style='padding-top:56.25%';><img style="width: 100%" class="featured_image" src="https://cdn.mos.cms.futurecdn.net/uLyuzabqF9dDiofdGS3dEf.png" alt="Kaspersky Internet Security 2019 Boxshot"></p></div></a>            <div class="featured_product_details_wrapper">                <div class="featured_product_title_wrapper">                    <span class='featured__label horizontal__label'>Internet Security</span>                                                            <div class="featured__title">Kaspersky Internet Security</div>                                    </div>                <div class="subtitle__description">                                                            <p><p><strong><em>Another option</em></strong><br/></p><p>Internet Security is better than basic antivirus but lacks tools included with Total Security. It does have password managers and webcam monitoring.</p></p>                </div>                            </div>        </div>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Protecting yourself against ransomware with a Synology NAS ]]></title>
                                                                                                                                                                                                <link>https://www.windowscentral.com/protecting-yourself-against-ransomware-synology-nas</link>
                                                                            <description>
                            <![CDATA[ It's possible to protect yourself against ransomware by using a Synology NAS. Here's what you need to know. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">tbvfuQrgCAdUL6u29HgATV</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/Cdq5YDQceRjknc3ivw4NHD-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 27 Sep 2018 13:00:02 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Storage]]></category>
                                                    <category><![CDATA[Accessories]]></category>
                                                                                                                    <dc:creator><![CDATA[ Rich Edmonds ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/pLy73SP6o5nVBFkCKgFrhN.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/Cdq5YDQceRjknc3ivw4NHD-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Allow Remote Access]]></media:description>                                                            <media:text><![CDATA[Allow Remote Access]]></media:text>
                                <media:title type="plain"><![CDATA[Allow Remote Access]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/Cdq5YDQceRjknc3ivw4NHD-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Recent years have seen a substantial increase in the number of <a href="https://www.windowscentral.com/wannacry-ransomware-attack-windows" data-original-url="https://www.windowscentral.com/wannacry-ransomware-attack-windows">ransomware attacks</a> taking place. What's more, a large number of malware attacks continue to go unreported, according to a survey of IT professionals. How can you protect yourself from becoming the next victim? A Synology NAS is a solid start.</p><p>In a ransomware attack, criminals will attempt to lock away your data and sell you access to it. You'll likely receive some kind of prompt telling you that your files have been encrypted and that the only way to get them back is to pay for a decryption tool. For those who don't back up their data, this is one of their worst nightmares.</p><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="uXWhV4uuytSRqtiRMSL62f" name="" alt="WannaCry" src="https://cdn.mos.cms.futurecdn.net/uXWhV4uuytSRqtiRMSL62f.png" mos="https://cdn.mos.cms.futurecdn.net/uXWhV4uuytSRqtiRMSL62f.png" align="middle" fullscreen="" width="" height="" attribution="" endorsement="" class=""></p></div></div></figure><p>Often recommended is resetting your PC to an earlier date before the attack. Some may even view the reinstallation of Windows as the only way to get systems back to normal. 
The issue is that if you don't back up everything on a regular basis, this involves the loss of files.</p><p>Luckily, if you haven't been targeted yet, there are a few ways to better protect your PC, including the purchase of a Synology NAS.</p><p><a href="https://www.amazon.com/Synology-bay-DiskStation-DS218-Diskless/dp/B077PJX8TH/?tag=hawk-future-20&ascsubtag=UUwpUdUnU59069" title="" class="cta shop speciallink" rel="nofollow" target="_blank">See at Amazon</a></p><h2 id="protect-your-pc-against-ransomware">Protect your PC against ransomware</h2><p>To better equip your PC with the means to repel an attack, you should always ensure you're running the latest release of Windows 10. The installed security suite should also be up-to-date and have the latest definitions to protect you against malicious files.</p><p>Windows 10 comes rocking security software built right into the OS that should be enough if you're conservative while online. It's also important to avoid any suspicious downloaded files and to disable remote access when you don't require the feature.</p><h2 id="disable-remote-access">Disable remote access</h2><ol start="1"><li>Hit <strong>Windows Key + Q</strong> to bring up Cortana.</li><li>Enter "remote access".</li><li>Choose "Allow remote access to your computer".</li></ol><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="r5HWkjxjBs5GuiCgh6EqKc" name="" alt="Allow Remote Access" src="https://cdn.mos.cms.futurecdn.net/r5HWkjxjBs5GuiCgh6EqKc.png" mos="https://cdn.mos.cms.futurecdn.net/r5HWkjxjBs5GuiCgh6EqKc.png" align="middle" fullscreen="1" width="" height="" attribution="" endorsement="" class="expandable"><a href='https://cdn.mos.cms.futurecdn.net/r5HWkjxjBs5GuiCgh6EqKc.png' target='_blank' class='expand-button icon-expand-image icon' ></a></p></div></div></figure><ol start="4"><li>Uncheck "Allow Remote 
Assistance connections to this computer".</li><li>Hit <strong>OK</strong>.</li></ol><p>You should now be blocking all outside attempts to gain access to your Windows PC.</p><h2 id="use-a-synology-nas">Use a Synology NAS</h2><p>One of your best weapons against ransomware is backing up on a regular basis and using redundant processes. It's a good idea to keep your important files safe on a physical drive (simply copy and paste them in File Explorer), as well as full backups of Windows and PC data on a Synology NAS.</p><p>Using cloud services can be handy, especially if you have the bandwidth available, storage space on said service, and don't mind trusting a company to host your data, but you should also look at keeping copies locally too. A NAS does just this, allowing you to store backups from your PC on a network device.</p><ul><li><a href="https://www.windowscentral.com/how-back-windows-10-synology-nas" class="cta" data-original-url="https://www.windowscentral.com/how-back-windows-10-synology-nas">How to backup Windows 10 on Synology NAS</a></li></ul><p>Should you be hit with ransomware, you can simply disable all external access to the PC, restore or reinstall Windows, apply a backup, and access all your files without paying out for the "decryption" of your own files, no matter how helpful these fine people appear.</p><p><a href="https://www.amazon.com/Synology-bay-DiskStation-DS218-Diskless/dp/B077PJX8TH/?tag=hawk-future-20&ascsubtag=UUwpUdUnU59069" title="" class="cta shop speciallink" rel="nofollow" target="_blank">See at Amazon</a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ New 'Bad Rabbit' ransomware attack spreading across Europe ]]></title>
                                                                                                                                                                                                <link>https://www.windowscentral.com/new-bad-rabbit-ransomware-attack-spreading-across-europe</link>
                                                                            <description>
                            <![CDATA[ Following in the footsteps of WannaCry and Petya, a new strain of ransomware is now making its way across Russia and Europe. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">qzdiFvyDbhjrQneB8UkKpd</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/WkDj5E6M4hocUXQ4K846Pi-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 24 Oct 2017 19:08:07 +0000</pubDate>                                                                                                                                <updated>Tue, 24 Oct 2017 19:40:08 +0000</updated>
                                                                                                                                            <category><![CDATA[Microsoft]]></category>
                                                                                                <author><![CDATA[ dan.lancaster@mobilenations.com (Dan Thorp-Lancaster) ]]></author>                    <dc:creator><![CDATA[ Dan Thorp-Lancaster ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/JJXdqxyfJxQjdrGyTbgQJj.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/WkDj5E6M4hocUXQ4K846Pi-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                        <media:description><![CDATA[Image: ESET]]></media:description>                                                            <media:text><![CDATA[Bad Rabbit message]]></media:text>
                                <media:title type="plain"><![CDATA[Bad Rabbit message]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/WkDj5E6M4hocUXQ4K846Pi-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>A new ransomware attack is now spreading across Europe in an outbreak that carries echoes of the <a href="https://www.windowscentral.com/wannacry-ransomware-attack-windows" data-original-url="https://www.windowscentral.com/wannacry-ransomware-attack-windows">WannaCry</a> and <a href="https://www.windowscentral.com/new-ransomware-attack-appears-be-making-its-way-across-europe" data-original-url="https://www.windowscentral.com/new-ransomware-attack-appears-be-making-its-way-across-europe">Petya</a> attacks that hit scores of PCs earlier in 2017.  Called Bad Rabbit, the malware appears to have most strongly impacted Russian and Ukrainian organizations thus far, though similar attacks have been spotted in Turkey and Germany as well.</p><p>According to <a href="https://www.kqzyfj.com/click-100048247-10998141?sid=UUwpUdUnU51649&url=https%3A%2F%2Fwww.kaspersky.com%2Fblog%2Fbad-rabbit-ransomware%2F19887%2F" title="" rel="nofollow" target="_blank">Kaspersky researchers</a>, Bad Rabbit has already infected a number of Russian media outlets, including the Interfax news agency and Fontanka.ru. Odessa International Airport has also reported a cyberattack, but it's not immediately clear whether the two are related. According to <a href="https://www.zdnet.com/article/bad-rabbit-ransomware-a-new-variant-of-petya-is-spreading-warn-researchers/">ZDNet</a>, the Kyiv Metro's payment systems also appear to be impacted.</p><p>Kaspersky explains that the ransomware appears to be targeting corporate networks in a manner similar to the Petya ransomware, but it isn't clear at this point whether Bad Rabbit is related to Petya. 
Meanwhile, <a href="https://www.welivesecurity.com/2017/10/24/kiev-metro-hit-new-variant-infamous-diskcoder-ransomware/">ESET researchers</a> claim to have identified the malware as Diskcoder.D, which is a variant of Petya.</p><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="ya2YTMo8HcBHQLpGa2SNfR" name="" alt="Bad Rabbit message" src="https://cdn.mos.cms.futurecdn.net/ya2YTMo8HcBHQLpGa2SNfR.png" mos="https://cdn.mos.cms.futurecdn.net/ya2YTMo8HcBHQLpGa2SNfR.png" align="middle" fullscreen="" width="" height="" attribution="" endorsement="" class=""></p></div></div><figcaption itemprop="caption description" class=""><span class="caption-text">Image: ESET </span></figcaption></figure><p>Once infected, victims of the Bad Rabbit attack are directed to a darknet website with a note that demands 0.05 bitcoin (currently around $280) as ransom. The website also features a timer counting down to when the price will increase. It's not yet clear, Kaspersky says, whether it's possible to recover the files encrypted by Bad Rabbit. However, Kaspersky says you can protect yourself by blocking execution of files "c:\windows\infpub.dat" and "C:\Windows\cscc.dat." If you are infected, experts advise against paying the ransom.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'Petya' ransomware: Everything you need to know ]]></title>
                                                                                                                                                                                                <link>https://www.windowscentral.com/petya-ransomware-windows</link>
                                                                            <description>
                            <![CDATA[ There's another massive ransomware attack sweeping across the world. Here's what you need to know. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">fjcAeoU32PTPggn1apbaaX</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/8rDrgkBoegUaXQabMewS2X-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 28 Jun 2017 13:13:10 +0000</pubDate>                                                                                                                                <updated>Wed, 28 Jun 2017 15:01:06 +0000</updated>
                                                                                                                                            <category><![CDATA[Microsoft]]></category>
                                                                                                                    <dc:creator><![CDATA[ Richard Devine ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/b8bNXmNrAnDYChgLU8faWC.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/8rDrgkBoegUaXQabMewS2X-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                        <media:description><![CDATA[Bitcoin]]></media:description>                                                            <media:text><![CDATA[Petya]]></media:text>
                                <media:title type="plain"><![CDATA[Petya]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/8rDrgkBoegUaXQabMewS2X-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Little more than a month has passed since the notorious <a href="https://www.windowscentral.com/wannacry-ransomware-attack-windows" data-original-url="https://www.windowscentral.com/wannacry-ransomware-attack-windows">WannaCry</a> ransomware attack hit headlines across the world. Now, sadly, we're in a period of another such attack, and this time it's dubbed "Petya" or "GoldenEye."</p><p>The basic problem is the same as the WannaCry outbreak: PCs are infected, locked up and files encrypted with a ransom demanded for access to the blocked files. It's not exactly the same as WannaCry, nor is it currently as widespread, but it's still important to know what you're dealing with.</p><p><a href="https://www.windowscentral.com/how-to-keep-your-windows-pc-protected-against-malware" title="" class="cta large" data-original-url="https://www.windowscentral.com/how-to-keep-your-windows-pc-protected-against-malware">7 tips to keep your Windows PC protected against malware</a></p><h2 id="what-you-need-to-know-about-the-petya-ransomware">What you need to know about the Petya Ransomware</h2><figure class="van-image-figure " data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="3b9gXY9wvUwNHQqaySXLXC" name="" alt="Petya" src="https://cdn.mos.cms.futurecdn.net/3b9gXY9wvUwNHQqaySXLXC.jpg" mos="https://cdn.mos.cms.futurecdn.net/3b9gXY9wvUwNHQqaySXLXC.jpg" align="middle" fullscreen="" width="" height="" attribution="" endorsement="" class=""></p></div></div></figure><h2 id="what-is-petya">What is Petya?</h2><p>Petya is a piece of ransomware that infects computers with the intent of monetary extortion in return for access to the contents of the PCs. 
It encrypts files, claiming only to let you back in upon receipt of a ransom.</p><h2 id="which-platforms-does-it-affect">Which platforms does it affect?</h2><p>It's a Windows-only affair, and Microsoft already released a patch in March that <em>should</em> protect users, assuming it's installed.</p><p><a href="https://technet.microsoft.com/en-us/library/security/ms17-010.aspx?f=255&MSPPError=-2147217396" title="" rel="nofollow">Microsoft's March 2017 MS17-010 security update</a> is where the necessary patches have been compiled.</p><h2 id="how-does-petya-spread">How does Petya spread?</h2><p>Petya tries to infect PCs using two methods, moving on to the second if the first fails. Once again, as with WannaCry, Petya utilizes the leaked EternalBlue exploit first developed by American security services.</p><p>If that fails because the system has been properly patched, for example, it moves on to the second method, which is to use two Windows administrative tools. Unlike WannaCry, Petya looks to spread within local networks without seeding itself externally, perhaps limiting its early global impact somewhat.</p><p>As reported by <a href="https://www.theguardian.com/technology/2017/jun/27/petya-ransomware-cyber-attack-who-what-why-how">The Guardian</a>, there is a secondary "vaccine" that may prevent infection on a specific PC, but it leaves Petya free to try and spread to others:</p><div><blockquote><p>For this particular malware outbreak, another line of defence has been discovered: 'Petya' checks for a read-only file, C:\Windows\perfc.dat, and if it finds it, it won't run the encryption side of the software. 
But this "vaccine" doesn't actually prevent infection, and the malware will still use its foothold on your PC to try to spread to others on the same network.</p></blockquote></div><h2 id="what-regions-are-affected-by-petya">What regions are affected by Petya?</h2><p>The outbreak is reported to have surfaced in Eastern Europe, with the Ukraine in particular being hit hard. Organizations in France, the UK, Russia, Denmark and the U.S. are also confirmed as being affected.</p><h2 id="how-much-is-petya-39-s-ransom">How much is Petya's ransom?</h2><p>Right now, $300 in Bitcoin.</p><h2 id="if-i-get-hit-should-i-pay-the-ransom">If I get hit, should I pay the ransom?</h2><p>No way! Remember that these are criminals, and chances are you'll be both out of pocket and without your files if you pay. These people don't want to be found, so they're unlikely to do anything that would give authorities any kind of edge in tracking them down.</p><p>In this case, there's also the issue of how the ransom is being collected. Instead of a unique wallet per user as with WannaCry, Petya is stuffing it all into one. And that has presented its own problems. Users have to send an email to get their decryption codes, and as reported by <a href="https://www.theverge.com/2017/6/27/15881110/petya-notpetya-paying-ransom-email-blocked-ransomware">The Verge</a>, that email address has been shut down:</p><div><blockquote><p>But in the wake of today's globe-spanning infections, Posteo announced today that all account access to the "wowsmith" address have been blocked, making it impossible for the group to read or respond to any messages sent to the address.</p></blockquote></div><p>Chances are you won't get the key you need even if the miscreants behind the attack ever planned on sending it out.</p><h2 id="am-i-at-risk-of-petya-infection">Am I at risk of Petya infection?</h2><p>Sadly, we're always at some kind of risk on the internet. 
As detailed above, Microsoft already released a patch to mitigate at least the EternalBlue exploit, so the first port of call is to make sure that patch is installed.</p><p>If you don't have your updates turned on, that's a good place to start. Some people may not like "forced updates" but in most cases you shouldn't ignore them.</p><h2 id="how-do-you-get-the-files-back">How do you get the files back?</h2><p>Right now there's not a lot suggesting compromised files will ever be accessible again. If you don't have a backup, you might have lost your stuff. It's good practice to <em>always</em> back up your important files.</p><h2 id="is-there-anything-i-can-do-if-i-am-affected">Is there anything I can do if I am affected?</h2><p>It appears that there is. This tweet by Hacker Fantastic shows what the encryption process actually looks like and how you can throw a spanner in the works.</p><div class="see-more see-more--clipped"><blockquote class="twitter-tweet hawk-ignore" data-lang="en"><p lang="en" dir="ltr">If machine reboots and you see this message, power off immediately! This is the encryption process. If you do not power on, files are fine. <a href="https://t.co/IqwzWdlrX6">pic.twitter.com/IqwzWdlrX6</a>— hackerfantastic.crypto (@hackerfantastic) <a href="https://twitter.com/hackerfantastic/status/879775570766245888?ref_src=twsrc%5Etfw">June 27, 2017</a></p></blockquote><div class="see-more__filter"></div></div><p>You still can't use your PC but the data you have stored on it will apparently be OK.</p><p><hr/></p><h2 id="your-thoughts">Your thoughts</h2><p>That's a quick overview of where things stand right now, but it's an ever-changing situation. 
We'll do our best to keep on top of the latest details. And if you have anything helpful to share, be sure to leave it in the comments below.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
            </channel>
</rss>