Have you experienced a ransomware attack yourself or would like to know how to protect OneDrive from ransomware in the future? In both cases, you’ll need to get familiar with Office 365 security best practices. Let’s find out more about ransomware and Office 365 ransomware recovery.
Table of Contents
Ransomware Grows Smarter
As you probably know, ransomware is a type of malware that encrypts user files or files in the corporate network. Before taking a deeper dive into ransomware protection and recovery, we recommend you learn more about recent trends in ransomware.
Unfortunately for users of cloud services, ransomware strategies are evolving rapidly. Hackers apply more sophisticated smart social engineering tactics.
Here’s a quick summary for modern ransomware attacks:
- The goal of the attacker is to get a ransom for decrypting files (the ransom is usually paid in Bitcoin).
- Ransomware is not an on-premise problem anymore. Even the Office 365 cloud is vulnerable. Ransomcloud, the new type of ransomware, encrypts cloud emails (including Outlook emails).
- A usual way to get a ransomware infection is to click a phishing link and give permission to a risky app. Hackers gain control over your email after you click an infected link.
- Ransomware is well-disguised. It may look like an email from a trusted source like tech support, colleagues, well-known organizations.
- Attackers pressure you to pay the ransom by setting up a time limit for making a payment, or your files will be deleted.
- After you pay a ransom, your emails are restored to the original form.
How Dangerous is Ransomware?
Ransomware attacks O365 cloud of individual users, small businesses, and enterprise companies. Corporate networks are especially hard to protect. A single click from one employee may be enough for a full-scale infection.
In 2018, there were more than 200 million ransomware attacks. Some ransomware attacks deal no damage, yet some are truly disastrous. For example, the estimated damage from WannaCry ransomware is up to $4 billion.
The cost of decrypting the affected data is growing. Сompared to the previous year, the average ransom demand has almost doubled in 2019, from $6,733 to $12,762.
End users and enterprises can be caught off guard and forced to pay the ransom. Does paying the ransom save you from future ransomware infection? No. Trusting ransomware authors is not a game worth playing, especially when your data is on the line.
Ransomware is not unbeatable. There are measures to protect your data against ransomware and recover the corrupted files.
Office 365 Ransomware Protection & Recovery
The Office 365 security best practices against ransomware attack are:
- Avoiding clicking suspicious links.
- Updating security software.
- Using application whitelisting to prevent unapproved programs from connecting to your system.
- Granting access to important folders only to trusted users.
However, even these actions can not guarantee safety from ransomware. The only reliable way to protect your data is by restoring its pre-encrypted version.
When a ransomware attack happens, there are several actions to take. We recommend combining them to ensure nothing of value is lost.
After you have detected ransomware, immediately disconnect the infected device from the network (turn off Wi-Fi and unplug Internet cable). This will prevent ransomware from spreading through the network. Also, you should disable Onedrive sync and other sync services.
Recovery from OneDrive
You can protect OneDrive from ransomware with Microsoft native tools. To do this, login to OneDrive from the non-infected device. Your task is to identify the infected file and restore its previous version. Select the file and click Version history (or More, then Version History, if you have a classic OneDrive view). After that, Restore the file.
This method has a significant drawback. Multiple files may be infected and restoring them manually takes an enormous amount of time. It’s not that hard to restore one file, but imagine restoring tens of thousands.
Security software installed on your device is likely to have some anti-ransomware tools. Have a full scan of your system. The infected files will be detected. By removing them, you’ll restore the system.
However, do not rely on your security software too much. Antivirus software may not detect new versions of malicious software. In other words, even a full scan may not recognize ransomware with 100% accuracy.
Recovery from Backup
Native OneDrive ransomware protection and recovery tools are not convenient if you need to restore many files. Antivirus software or firewalls don’t always protect your data from ransomware.
That’s why recovery from a backup is the best Office 365 ransomware protection practice. Backup is a safe copy of your files which means you get back your items even if they were encrypted with ransomware. To access your backed up files, use a non-infected device.
Spinbackup is a cloud-to-cloud tool for the Office 365 backup and recovery. It allows you to recover Outlook and Onedrive files in their original form. You can choose the version you want to recover and Spinbackup will get back your data immediately.
Advanced Office 365 Ransomware Protection with Spinbackup
Spinbackup Office 365 Backup & Recovery is a cloud-to-cloud backup solution that allows businesses to meet the challenge of ransomware head-on.
Spinbackup provides the following backup and recovery features to ensure your Office 365 data is protected:
- Up to 3 automated daily backups.
- Safe data storage in Google Compute Storage, Amazon Web Services, or Azure clouds.
- In-flight and at-rest data encryption to keep your data safe in both transit and storage.
- Indefinite data retention.
- Weekly and monthly reports to monitor the status of your protected data
- Unlimited restore points to have a variety of versions to restore from.
- 100% accurate recovery using the same folders hierarchy from any point in time
For even better protection, you can try our comprehensive Ransomware Protection for Office 365. This product combines the backup features mentioned above and new anti-ransomware features:
- Detection of the ransomware attack source.
- Identification of the damaged (encrypted) files.
- Granular recovery from the last successfully backed up version.
- Email notifications and detailed reports in case of an attack.
New ransomware detection interface
Are you looking for a reliable way to recover your data in case of a ransomware attack? We recommend Ransomware Protection for Office 365. With this cloud-to-cloud backup and ransomware solution, you’ll stop any ransomware attack and restore your Office 365 files in a few clicks. Try Sinbackup and don’t let ransomware put your organization at risk.