Last Update: Sep 04, 2024 | Published: Oct 26, 2021
With the rise in remote workers the risk of ransomware is higher than it has ever been before. By now most people know that ransomware is a type of malware extortion scheme that typically encrypts files and folders preventing access to critical data or sometimes it can also be used to steal sensitive data.
After the attack there is a demand for money – usually in the form of Bitcoin – in exchange for the decryption keys or the promise not to release sensitive data. The threat of ransomware attacks continues to grow as exploits like Ransomware-as-a-Service (RaaS), which first emerged in 2016, gain in hacker popularity and enable a greater scale and easier proliferation of ransomware attacks.
Most ransomware attacks are focused on on-premises implementations. However, the threat of ransomware isn’t just limited to local devices. Cloud data like the data used by Microsoft 365 can also be at risk and it can be susceptible to data corruption. Let’s take a closer look at how ransomware can impact Microsoft 365.
As Microsoft 365 is collection of different programs like Word, Excel, OneDrive, and Teams it actually uses a number of different documents and data types.
Even though this data is typically stored in the cloud, all these data types can be potentially corrupted by ransomware. Ransomware can gain access to Microsoft 365 data in the cloud through a OneDrive synced connection or a mapped drive to a SharePoint Online library.
Sponsored: Afi.ai provides a modern solution for backing up Office 365 including full Teams support, SharePoint and OneDrive file metadata and sharing permissions, and many other advanced and modern features.
Microsoft 365 is one of today’s most popular cloud applications. Since it’s a cloud application, many users believe that Office 365 data doesn’t need any protection. A common misperception is that Microsoft will protect all your data. While Microsoft does offer a number of different types of protection from ransomware and malware it’s important to know that the customer is actually responsible for their own data.
A ransomware attack typically begins with a user opening an infected file or malware link on a local system which then infects local files. After the user’s local files are infected, they’re then synchronized to the cloud by the Microsoft 365 client sync tool.
Microsoft 365 has several different technologies that are designed to protect your data:
The AV scanning helps to protect against email phishing exploits, which are often how ransomware attacks get started. It can also help to reduce the spread of ransomware by blocking known malware. The versioning capabilities can help you recover from a ransomware attack.
However, as it works on an individual file basis, it tends to be too cumbersome to reverse large-scale encryptions. Microsoft actually recommends that you roll back entire document libraries and OneDrive to some specific point in time within the last 30 days. While this can eliminate corrupted or encrypted files it can also result in significant data loss.
If ransomware deletes the original file, then the Recycle Bin can be useful for restoring them within 93 days. Microsoft Defender for Office 365 provides stronger protection by sandboxing and monitoring files for suspicious behavior. However, it is not included in the base Microsoft 365 packages, and you have purchase it separately.
According to FBI data, the number of ransomware cases grew at 66% from 2019-2020. While historically most ransomware attacks have been directed toward on-premise infrastructure, the popularity of Microsoft 365 and other cloud offerings make it a mark that cybercriminals and hackers will certainly target more in the future.
There are signs this trend has already begun. This past October 2021, Microsoft reported that 250 Office 365 customers in the US and Israeli defense technology sector had been targeted with password-spraying attacks. In this type of attack hackers attempt to access accounts using common passwords.
The saying goes that prevention is the best cure and that’s true for ransomware attacks too. Some of the best ways that you can plan to protect your Microsoft 365 data from ransomware and other malware attack include:
In the end, Microsoft 365 data protection is the customer’s responsibility. Taking advantage of the Microsoft supplied data protection tools, as well as implementing your own data protection procedures, can help keep your Microsoft 365 data free from ransomware as well as to help you to recover from a ransomware attack.
For more information on how to protect data in Microsoft 365, read Can Ransomware Hit Your Microsoft 365 Data?