Google Workspace Security Best Practices for Ransomware Protection

Anastasia, IT Security Researcher at Spin Technology
Anastasia, IT Security Researcher at Spin Technology Dec 11, 2018

There is arguably no greater threat in today’s data security scene than ransomware. Over the last few years, ransomware became one of the most formidable adversaries to enterprise security and to most organizations’ business-critical data. With recent news headlines, ransomware is constantly plaguing businesses by corrupting their critical data, or by taking down critical systems that can greatly impact business continuity. One misconception about cloud storage is that data in the public cloud is immune to ransomware infection. This is indeed a dangerous idea for organizations to entertain! In this part of the G Suite administrator security essentials discussion, we will take a look at protection against ransomware in the public cloud and why this is extremely important. Also, we will take a close look at how Spinbackup is able to provide key protection against ransomware in Google G Suite environments.

Is Data in the Public Cloud at Risk of Ransomware Infection?

When it comes to physical security and high availability, organizations who host their own enterprise datacenters would be hard-pressed to match the cloud datacenters owned and maintained by public cloud vendors. However, when it comes to data that is housed in the public cloud, public cloud vendors are not as particular in regards to its safety. A common entry point for ransomware infecting cloud data is the synchronization of on-premise files to cloud storage. As an example, many may utilize the Google Backup and Sync application to synchronize on-premise data to Google Drive storage. However, if a ransomware infects the on-premise data, these encrypted files will overwrite the good copy that is stored in the G Suite environment. One can see how easy it would be to have a ransomware infection cross the boundary of on-premise and make its way to potentially business-critical data stored in the public cloud. In general, most public cloud providers offer no native automatic processes to stop ransomware from encrypting files stored there.

As the above scenario underscores, ransomware infections are not simply an “on-premise only” problem. This is a misconception that many organizations have learned the hard way, when their critical data became corrupted in their cloud storage. In fact, it would be naïve to think that public cloud data is not a target of today’s attackers who look for ways to undermine business-critical data and possibly extort money from businesses via ransomware. As more businesses move to the public cloud, the data located there WILL become a target.

How Spinbackup Protects Against Ransomware

With the dangers mentioned above, businesses must be proactive about protecting their data in the public cloud from ransomware infections. Spinbackup provides a powerful solution to both detect and counteract the effects of ransomware attempting to encrypt data stored in the G Suite environment. It provides the following mechanisms for ransomware protection:

  • Ransomware Detection
  • Automated Blocking of ransomware encryption processes
  • Identification and Automated Restore of Encrypted Files
  • Effective Versioning System
  • G Suite Administrator Alerts

Rather than being separate, disjointed mechanisms for providing ransomware protection, the above processes provided by Spinbackup work together to fluidly provide a streamlined and orchestrated protection mechanism for G Suite data. These features effectively detect, stop, and remediate ransomware damage to G Suite data. Let’s see how!

Ransomware Detection

One of the most challenging aspects of fighting ransomware infections is detecting when a ransomware attack is underway. Spinbackup provides a fully automated and sophisticated protection mechanism against ransomware for G Suite environments.

By utilizing powerful machine learning algorithms, Spinbackup takes the heavy lifting out of discovering potential threats to G Suite data. The automated ransomware detection scanner identifies new threats as they appear in the landscape of the G Suite environment. If an end user is infected with ransomware and the ransomware encrypted files are synchronized to the G Suite cloud, Spinbackup’s scanner will detect the infection and initiate its native attack response mechanisms.

ransomware activity is identified as high risk and blocked

Ransomware activity is identified as a High Risk, and is then Blocked.

Automatic Blocking of Ransomware Encryption Processes

After detecting the ransomware infection in a G Suite environment, Spinbackup proactively blocks the source of the infection’s processes. The attack source is blocked in real-time. The domain audit functionality with Spinbackup identifies risks to the G Suite organization and allows security features such as “Ransomware protection” to come into play. This triggers the response that is customizable with the new Custom Policies feature in Spinbackup to allow G Suite administrators to specify actions to be taken when a ransomware is identified.

psing custom policies, actions can be defined for ransomware protection
Using Custom Policies, actions can be defined for Ransomware Protection.

Identification and Automated Restoration of Encrypted Files

After detecting the ransomware infection in Google’s G Suite environment and blocking the source of the attack, Spinbackup will identify which files have been encrypted. G Suite administrators can choose how the files are remediated back to a known healthy state – either automatically or manually. Spinbackup creates an entire snapshot of the G Suite environment with each backup iteration, and the “Restore-In-Time Machine” service provides the means to restore files back to the known good state before the ransomware infection.

G Suite administrators can then choose to manually restore files encrypted by ransomware. Clicking on the Ransomware Protection link in the Domain Audit allows choosing specific files to be recovered.

Spinbackup detects files that are affected by the ransomware attack
Spinbackup detects files that are affected by the ransomware attack.

With the new Custom Policies feature in Spinbackup, G Suite administrators can also allow Spinbackup to automatically recover files that have been encrypted by ransomware!

Custom Policies allow restoring encrypted files automatically
Custom Policies allow Restoring encrypted files automatically.

Effective Versioning System

The power of Spinbackup’s ransomware protection is built on top of the effective versioning system implemented by our backup iterations. Automatic backups, configurable either 1x or 3x a day, provide the Restore-In-Time Machine functionality that makes remediating ransomware infections effective. This feature provides a whole snapshot of a G Suite environment with every automatic or manual backup. The latest snapshot before your account has been infected will be automatically restored with the same folder hierarchy. While G Suite and other public cloud vendors provide some means of versioning, it pales in comparison to the “one-click” restore that Spinbackup provides to G Suite administrators. Having this effective and easy to use version control system provided by Spinbackup allows G Suite administrators to “go back in time” and recover business-critical data that might otherwise be lost.

G Suite Administrator Alerts

When a security event takes place, having the visibility to that event as quickly as possible is crucial to an organization’s overall security strategy. Businesses may have hundreds or thousands of users along with countless files which are being accessed from numerous network endpoints all over the world. Manually policing events and other end user activities are simply not possible. Spinbackup provides powerful alerting that is built in with the other, already mentioned features. With each detection or action involving ransomware and other events, Spinbackup can proactively send alerts to G Suite administrators so they immediately know what is going on in their G Suite environments when security events occur.

G Suite administrators can be notified of important events such as ransomware detection and remediation
G Suite administrators can be notified of important events such as ransomware detection and remediation

Restore alerts can be configured to proactively alert configurable recipients
Restore alerts can be configured to proactively alert configurable recipients

Thoughts

Businesses today must be security minded in protecting business-critical data. This involved protecting both on-premise data as well as data that is stored in the public cloud. Ransomware is arguably posing one of the most dangerous risks to business-critical data for organizations today. As more data is moved to the cloud, it will increasingly be targeted by ransomware. The public cloud is not protected from ransomware by default, and organizations can easily find that their critical data stored in the cloud have become encrypted by a ransomware infection either from on-premise synchronization or a malicious third-party application that has been integrated into the G Suite environment by an unsuspecting end user. Spinbackup provides powerful protection against today’s primary security risks such as ransomware. It does this by effectively detecting and blocking the ransomware, identifying encrypted files, and automatically restoring those files. By using an effective versioning system, G Suite administrators can go back in time by choosing versions of files before the ransomware infection. All of this functionality is complemented by the proactive alerting that allows real time visibility to G Suite administrators.

TRY IT FREE
This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy. We won't track your information when you visit our site. But in order to comply with your preferences, we'll have to use just one tiny cookie so that you're not asked to make this choice again.Learn more about our use of cookies.