peteyt (Most Valued Members), posted July 4, 2017
I was just curious if changing the access rights to certain files can help in some cases against ransomware. Basically, if you make a file read-only, would this stop the ransomware from writing to that file and encrypting it? I know that ransomware will probably try to use privilege escalation, but I didn't know if this could help in some situations.

cyberhash (Most Valued Members), posted July 4, 2017
Seemingly the next update for Windows 10 is going to be using a similar method to what you mentioned above, by restricting write access to *certain* folders and files.

Marcos (Administrators), posted July 7, 2017
You can put documents in a specific folder and create a HIPS rule that will have write enabled only for a particular Office application. As for the protected folders that Windows 10 will introduce, my understanding is that it will be prone to injections, so even the HIPS rule may not protect well if ransomware injects into word.exe, for instance. This is one of the reasons why the anti-ransomware feature is not based on simple HIPS rules, but is a complex functionality under the hood that monitors process behavior to evaluate whether a particular write operation is malicious or not.