Jump to content

Can denying write access to files help against ransomware?


peteyt
 Share

Recommended Posts

  • Most Valued Members

I was just curious if changing the access rights to certain files can help in some cases against ransomware. Basically if you make a file read only would this stop the ransomware writing to that file and encrypting it? I know that ransomware will probably try to use privilege escalation but didn't know if this could help in some situations?

Link to comment
Share on other sites

  • Most Valued Members

Seemingly the next update for windows 10 is going to be using a similar method to what you mentioned above, by restricting write access to *certain* folders and files.

 

Link to comment
Share on other sites

  • Administrators

You can put documents to a specific folder and create a HIPS rule that will have write enabled only for a particular Office application.

As for protected folders that Windows 10 will introduce, my understanding is that it will be prone to injections so even the HIPS rule may not protect well if ransomware injects into word.exe for instance. This is one of the reasons why the anti-ransomware feature is not based on simple HIPS rules but it's a complex functionality under the hood that monitors process behavior to evaluate if a particular write operation is malicious or not.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...