Skip to main content

Be sure to enable automatic backups, too.

Ransomware is nasty stuff. This type of malware encrypts files on your PC so that you can’t access them—unless you pay the attacker to unlock the data. In other words, your files are held hostage until you cough up the demanded ransom, unless you’re able to survive the ransomware attack using other means.

CBS News recently ran a cautionary segment on the Scattered Spider ransomware group, underscoring just how much damage ransomware can do—so it pays to be prepared. The hackers shut down Las Vegas casinos, causing millions in damage. Your personal computer is less of a target, but why tempt fate?

The best defense against ransomware is avoiding sites and downloads riddled with it, but you can take other protective measures, too. Modern antivirus software often restrict which apps can change files in folders commonly targeted by ransomware. Microsoft Defender, which is built into Windows, can do this too. (Microsoft changed the name from Windows Defender several years ago, but it’s the same program.) Some antivirus suites also run automatic backups, in case you need to restore your files.

The catch? Unlike third-party antivirus software, these extra safeguards are not turned on by default in Microsoft Defender. You have to enable them yourself.

How to turn on ransomware protection in Windows

Step One: Open Windows Security

Open the Windows Security app on your PC. You can access it in one of several ways:

  • Press Alt + Spacebar on your keyboard, type in windows security, then hit Enter
  • Open your Start Menu and type in windows security, then press Enter
  • Open your Settings app, then choose Windows Security in the left pane

Step Two: Find your ransomware settings

In the Windows Security app, click on Virus & threat protection. Then click Manage ransomware protection at the bottom of the screen.

Next, turn on Controlled folder access. This setting restricts app access to your PC’s default OneDrive, Documents, Pictures, Videos, Music, and Favorites folders. You can also manually add other folders to the list.

Not all apps will be barred from these areas in Windows—Microsoft Office programs are automatically allowed to open and alter files. But if it’s not on Microsoft’s internal list of trusted apps, a program can’t see anything in those folders until explicit permission is granted in Windows Security.

Step three: Make sure you’re logged into OneDrive

Limiting access to files and folders won’t completely protect them. Another important method of defense is to have good backups—which Windows automatically does if you’re logged into OneDrive. (You can either connect a Microsoft account to your whole Windows PC, or just the OneDrive app specifically.)

To confirm that this protection is on, you can look at Ransomware protection > Ransomware data recovery.

Of course, for the purpose of warding off ransomware’s worst effects, the safest backup of your files is the one you keep offline. You should make one in addition to anything stored in the cloud—if you only have one copy of your data, you’re not properly backed up after all.

Should you turn on ransomware protection in Windows?

Security and convenience live on opposite ends of a spectrum, and that’s the case here, too. Controlling folder access in Windows can keep attackers out of your important folders, but it can also be slightly inconvenient. Gamers, for example, may find that access to save files might be blocked by default, as they’re often saved in your Documents folder.

You can solve this problem with minimal work—add the app to the access list. Or save game files to a different folder on your PC that does not have controlled access to it. (You’ll just have to use third-party software to set up a schedule for regular backups.)

OUr CURRENT PICK FOR BEST ANTIVIRUS SOFTWARE

Norton 360 Deluxe

Norton 360 Deluxe

Protect your Windows PC from other online threats, too

For more information about Windows Security (and its different components), you can check out our video overview on YouTube. If you prefer more sophisticated software, plus additional protections, you can also look into upgrading your antivirus software. For example, Norton 360 Deluxe, our current top pick for antivirus, bundles strong malware protection with a VPN, password manager, dark web monitoring for your personal data, and more. It can help simplify staying safer online.