“This folder protects against ransomware just leave it” – Message
Today, I came across a hard drive containing a subdirectory in the desktop folder labelled ‘0K; this directory is for Ransomware detection (This folder protects against ransomware just leave it).’
I discovered a slew of false files that I immediately recognized as bait files for ransomware inside the folder. It contained a .jpg, a .txt, a .docx, and some unusual 10 files with seemingly random data (for example, the .jpg featured an image of static, similar to analogue television static, and the .txt file contained characters that appeared to be random).
I’d never seen anything like it before, and a search on Google turned up nothing but a few Polish and Russian hits. Still, the same folder appears to be present on many computers, if I were to believe the logfiles posted on various sites (including bleepingcomputer.com) as they work their way through removing their infection of all kinds.
I didn’t give it much thought when I did it; I was only interested in knowing if this particular drive was infected, and since no programme cried out in response, I was satisfied. However, the thought has stuck with me, and I believe it may be a clever way to capture the encryption key of a ransomware infection. The fact that the files in that folder are in some ways random, but that the original content of those files is well known and stored in a secure location, suggests that determining the encryption key should be a simple task.
The problem is that I can’t locate any information about that folder; does anyone know if these files were created by an antivirus programme or something else, and if so, are they likely to be successful in ransomware removal? Because the folder for everyone is in the same location (the /desktop folder) and appears to have the same name (the first character is a zero, rather than an Oh), if it occurs, I believe it would not be difficult for a payload to discriminate this folder and skip it. I’d be delighted to read any comments on this matter.
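How bait files like these can serve as a tripwire, as an added example that is not part of the original message and not the code of whatever program created that folder: hash the known content, keep the baseline outside the folder, and report any change. The folder name, file names and `baseline.json` are constructed for the demo.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def snapshot(folder: Path) -> dict:
    """Map each bait file's relative path to the SHA-256 of its content."""
    return {
        p.relative_to(folder).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(folder.rglob("*")) if p.is_file()
    }


def check(folder: Path, baseline: dict) -> dict:
    """Compare the folder with the baseline kept outside of it."""
    current = snapshot(folder)
    missing = sorted(set(baseline) - set(current))
    added = sorted(set(current) - set(baseline))
    modified = sorted(n for n in baseline if n in current and current[n] != baseline[n])
    # A bait file that vanished while a new file starting with its name appeared
    # is the rename-with-extra-extension pattern that file encryption often leaves.
    renamed = {m: a for m in missing for a in added if a.startswith(m + ".")}
    return {"modified": modified, "missing": missing, "added": added,
            "renamed": renamed, "tripped": bool(modified or missing or added)}


def demo() -> dict:
    """Build a constructed bait folder, tamper with it, and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        bait = Path(tmp) / "bait"  # hypothetical folder name
        bait.mkdir()
        (bait / "a.txt").write_bytes(b"constructed bait text\n")
        (bait / "a.jpg").write_bytes(bytes(range(256)))
        (bait / "a.docx").write_bytes(b"constructed bait document\n")
        # The baseline lives outside the bait folder, so tampering cannot rewrite it.
        manifest = Path(tmp) / "baseline.json"
        manifest.write_text(json.dumps(snapshot(bait)))
        # Simulated tampering: one file overwritten in place, one replaced by a
        # renamed copy, plus a dropped note. No encryption is performed.
        (bait / "a.txt").write_bytes(b"\x00" * 32)
        (bait / "a.jpg").rename(bait / "a.jpg.locked")
        (bait / "README.txt").write_text("constructed note")
        return check(bait, json.loads(manifest.read_text()))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

As the message itself points out, a folder with a fixed name and location is easy for a payload to recognise and skip, which limits what a tripwire like this can catch.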
Windows 10 has a built-in ransomware block, you just need to enable it
Windows 10 includes a built-in antivirus system called Windows Defender. It is automatically enabled when you set up a new computer. This provides some protection against malware threats from the wild. Did you know that there is an optional layer that will protect your files in the event of ransomware? You will need to enable ransomware protection manually in Windows 10.
Or, more precisely, a feature called “Controlled Folder Access.”
Forbes deserves a big thank you for pointing it out. This is something I didn’t know existed. You can enable it by typing “Ransomware Protection” in the Windows search bar. Or, you can navigate to Settings > Update and Security, click Virus & Threat Protection, scroll down, and click on Manage ransomware protection.
The default setting for the Controlled folder access toggle on my computers is “off”. You can turn it on to designate specific folders that only trusted apps have permission to access. Additionally, you can add folders beyond the ones selected by default. If necessary, you can also grant permission to specific apps to access protected folders.