An Inconvenient Truth: Evading the Ransomware Protection in Windows 10

Presented at ToorCon San Diego 20 (2018), Sept. 16, 2018, 4 p.m. (20 minutes)

The ransomware protection in Windows 10 is useless The WannaCry cyber-attack all over the world in May, 2017 is still fresh in our minds. The malware encrypted and rendered useless hundreds of thousands of computers in over 150 countries. As a measure against ransomware, Microsoft introduced the function "Ransomware protection" in "Windows 10 Fall Creators Update". How does this function work? Is it really effective? In this talk, I will explain the operation principles of "Controlled folder access" of "Ransomware protection" through demonstration video. Then I show the requirements to avoid this function, and describe that this function can be avoided very easily. And I will ask you that we may have to reconsider the definition of vulnerability.


  • Soya Aoyama
    Soya Aoyama is security researcher at Fujitsu System Integration Laboratories Limited. Soya has been working for Fujitsu more than 20 years as software developer of Windows, and had been writing NDIS drivers, Bluetooth profiles, Winsock application, and more, and started security research about 3 years ago. Soya has gave presentation in AVTOKYO 2016 and BSides Las Vegas 2017 in the past.


Similar Presentations: