Can denying write access to files help against ransomware?

[peteyt 393]

I was just curious if changing the access rights to certain files can help in some cases against ransomware. Basically if you make a file read only would this stop the ransomware writing to that file and encrypting it? I know that ransomware will probably try to use privilege escalation but didn't know if this could help in some situations?

[cyberhash 188]

Seemingly the next update for windows 10 is going to be using a similar method to what you mentioned above, by restricting write access to *certain* folders and files.

 

[Marcos 5,070]

You can put documents to a specific folder and create a HIPS rule that will have write enabled only for a particular Office application.

As for protected folders that Windows 10 will introduce, my understanding is that it will be prone to injections so even the HIPS rule may not protect well if ransomware injects into word.exe for instance. This is one of the reasons why the anti-ransomware feature is not based on simple HIPS rules but it's a complex functionality under the hood that monitors process behavior to evaluate if a particular write operation is malicious or not.