So, I had a mini heart attack yesterday.
My uncle called me in a panic because his laptop screen turned red. It was ransomware. Some hacker wanted $500 or all his photos were gone forever.
It got me thinking. We all install free antivirus apps Avast, AVG, whatever and we see that little green checkmark and think, “Okay, I’m good.”
But let’s be honest: You’re not.
Ransomware moves way faster than those apps. By the time your antivirus wakes up and realizes something is wrong, your files are already toast.
But here is the thing that actually drives me crazy. Windows the operating system you are using right now actually has a tool built-in that stops this cold. It’s free. It’s right there in the settings.
And Microsoft, for some reason, leaves it turned OFF.
I don’t get it either. But you need to turn it on. Like, right now.
1. The “Secret” Switch: Controlled Folder Access
Okay, think of your computer like your house. Antivirus is like a security guard standing at the front gate. He tries to spot the bad guys. But if a thief sneaks past him? They have free run of the place.
Controlled Folder Access is different. It’s like putting a deadbolt on your bedroom door.
Even if a virus sneaks onto your PC, this setting tells Windows: “Hey, lock the Documents folder. Nobody is allowed to change these files unless I say so.”
So when the ransomware tries to encrypt your wedding photos? Windows just blocks it. It says “Nope.” The virus is running, sure, but it can’t touch your stuff.
How to find it (because they hid it):
-
Hit your Start button.
-
Just type “Ransomware”.
-
Click the option that says Ransomware protection.
-
You’ll see a toggle for “Controlled folder access.”
-
Flip that switch ON.
That’s it. Seriously. You just did more for your security in ten seconds than a paid subscription ever could.
(Heads up though: It’s a little aggressive. Sometimes I install a new game on Steam and Windows blocks it from saving. It’s annoying. You just have to click the notification and hit “Allow.” But honestly? I’d rather be annoyed than hacked.)
2. The “Drawer” Strategy
I know everyone tells you to “back up to the cloud.” Google Drive is great. But if your PC gets infected, the virus can sometimes sync that infection right up to your cloud folder. I’ve seen it happen. It’s a nightmare.
You need a backup that is dumb.
-
Get a cheap external hard drive.
-
Copy your photos.
-
UNPLUG IT.
-
Throw it in a desk drawer.
Ransomware can’t hack a piece of plastic sitting in a dark drawer. It’s physically impossible. That hard drive is your “Get Out of Jail Free” card.
3. Stop Trusting File Names
One last tip. Hackers love to trick us with fake file names. They send an email attached with Invoice.pdf. You think, “Oh, a PDF, safe.”
But it’s not. It’s actually Invoice.pdf.exe. Windows hides that last part (.exe) to make things look pretty. It’s a terrible default setting.
Make Windows tell the truth: Open any folder > Click View at the top > Check the box for “File name extensions”. Now you can see what the file actually is. If a “photo” ends in .exe, delete it.
Bottom line: Don’t trust your antivirus to do everything. Go flip that switch in your settings. It takes five seconds.
