Initially I was bemused by this, but then I thought it is possible that Windows Defender could identify a legitimate application as a threat and block it, which is not something the user would want.
Ransomware is one the worst forms of malware. It covertly encrypts your data (pictures, videos, documents are commonly targeted), which will prevent you from accessing them.
It may even lock the bootloader when you reboot or turn off the computer. The malware displays a screen demanding a ransom from the user which usually involves a crypto-currency payment address usually, that you have to send money to.
But, there is no guarantee that a payment will provide the unlock key required to regain access to files that the ransomware encrypted while it ran on the system. Ransomware attacks are often have a timer to add another pressure layer to the ransomware demand. Affected users are asked to pay the amount in time as they won't be able to decrypt their files anymore once the timer runs out.
Decryption tools are available for some ransomware types but these are released after an outbreak usually and not available right from the off.
Many companies, hospitals, and users fell victim to ransomware already.
There are only a few options to protect against ransomware attacks. Two of the most effective are backups and security software that protects against ransomware. Tip: Always keep your computer security up-to-date.
How to enable Ransomware Protection in Windows Defender
1. Open the Windows Security Dashboard by double-clicking on the Defender taskbar icon (or use the Settings app and select Update & Security > Windows Security).
2. Click on Virus & Threat Protection.
3. Scroll down to Ransomware Protection.
4. Click on Manage Ransomware Protection (click Okay on the User Access Control pop-up if it is displayed).
5. On the next page, you will find a toggle for Controlled Folder Access. Enable the option. You have now finished installing ransomware protection on your device.
Most antivirus programs use behavioural scanning to prevent zero-day attacks (new or unidentified malware). In other words, they monitor your computer's services, applications, anything in the background, for suspicious activity. For example, when an otherwise harmless file tries to gain access to your documents folder to execute a script that encrypt the files in it, Windows Defender will stop the malware to protect your data.
By default, the Ransomware Protection only covers specific folders. To view the ones that are secured, click on the Protected Folders option. It's just the User folders like Documents, Pictures, Videos, Music, Desktop and Favourites by default.
Also see: Strong Passwords Matter
So, what happens if a ransomware targets files in other folders? The files are affected unless the ransomware is quarantined before it starts to encrypt files on the device. But don't worry there is a way to secure them.
There is an option on the top of the Protected Folders screen, which says "Add a protected folder". Click on it and choose any folder you want and it will be protected by Windows Defender. The folders can be on any partition or hard drive: they will be secured by the feature.
This method is not a guarantee of total safety, but it's better than what you don't have.
It is always a good idea to do a regular backup of your files, folders, pictures etc. In this day and age we are vulnerable and at least backing up will give you peace of mind if things do go wrong.