By discarded, you mean deleted?
Fyi, a new tool which might eventually help with some of the files encrypted with online keys, is currently in the works.
Quoting Michael Gillepsie, "I will now be focusing on sunsetting this decrypter, and continuing work on the
new decrypter that
will work only for the old version (up to .carote) with some caveats. The new decrypter will
completely replace STOPDecrypter when it is released, and will work in a different way. More details to follow upon its release."
Someone did not read
@Amigoltu's post, I see.
Generally, ransomware gets installed thanks to the computer user himself/herself, doing something he/she should never have done in the first place. And no OS can save the user from his/her own ill-informed decisions.
While Windows 10 has something called Controlled Folder Access, it is not enabled by default. And enabling it requires extra involvement from the computer user to set it up to his/her needs.
Now, if I were to protect any computer from Ransomware, I would do any/all of the following things:
- install a blocking (combination of several) Hosts file (W9x => W10)
- install a resident antivirus software, with up to date signatures (W2K => W10)
- install a *
heuristics behavior* based anti ransomware (XP => W10)
- run the OS from a limited account (W2K => W10)
As for me on Windows 10 version 1809, I am using a Hosts file, Windows Defender/Security Intelligence, and the beta version of MalwareBytes Anti-Ransomware (currently at v0.9.18.807 - Build 238)
I am not convinced that exploits are the main distribution channel for Ransomware. But for those who think it is, they may also give a shot at:
- Malwarebytes Anti-Exploit (XP => W10)
- HitmanPro Alert (XP => W10)
The anti exploit solution built into Windows 10 with version 1709 was a hit and miss, but it is also my belief that they are improving it over time. I personally do not feel the need to install MBAE on Windows 10 version 1809.
Regarding the STOP family of computer ransomware,
we learn that their harmful part is built using either VS2013 or VS2017 afaik. It means that OSes which can not run such code are imho safe from such infections.
Other security features built into Windows 10 (not related to Ransomware) may not be available, if the computer itself does not meet sufficient hardware requirements. And such requirements get updated from year to year (please see the reports from
dgreadiness for more info and tips). But this is *way* beyond the scope of this thread...