Cyren Security Blog

The Cyren Security Blog is where Cyren engineers and thought leaders provide insights, research and analysis on a range of current cybersecurity topics.

Protect Office 365 Email from Ransomware

Ransomware is continually evolving. It has become the “most prominent malware threat”, with experts estimating that ransomware attacks in 2021 resulted in total damage costs of $20 billion. While there is no ransomware that specifically targets Office 365 data, it can still affect Exchange Online, SharePoint Online, and other cloud data. We can expect ransomware criminals to increasingly utilize cloud applications in the future, so now is the time to start preparing. Let’s look at how ransomware can impact Office 365 and how to recover from this kind of attack.

Ways Ransomware Can Affect Office 365

The FBI’s Internet Crime Complaint Center reported 2,084 ransomware complaints from January to July 31, 2021, representing a 62% year-over-year increase. While it’s not reported how many of these attacks were Office 365-related, there are many ways that ransomware can impact your Office 365 account.

Entry Point for Phishing

Email phishing is the most prominent type of ransomware attack. Criminals utilize Microsoft 365 Exchange Online to infect users’ devices by sending messages that contain infected attachments or links to malware.

Spread More Rapidly

After infecting the first machine through Exchange Online or another vector, ransomware can easily spread further within the organization. Most ransomware strains spread in the following ways:

  • Harvesting Credentials and Passwords: Cybercriminals can easily harvest credentials that are stored on infected machines to access other systems.
  • Network Scanning: Scanning networks helps attackers identify and prioritize critical data sources to target.
  • Exploiting Vulnerabilities: Exploiting vulnerabilities in local network protocols lets ransomware spread to other machines.

8 Tips for Preventing and Recovering from Ransomware Attacks

1. Implement Two-Factor Authentication

In order to strengthen access requirements, and lessen the chance of being hit by ransomware or malware, make sure two-factor authentication is enabled.

2. Backing Up Your Microsoft 365 Data

Cloud data is your business’ responsibility and it is recommended that organizations using Office 365 implement some type of third-party backup as well as a data protection mechanism. Making backups definitely increases your ability to recover from a ransomware attack.

3. Verify Your Backups

In addition to making the backup in the first place, it is important to consistently verify that the backups are complete on a weekly or daily basis, depending on how much data your company works with.

4. User Education

User education is the best way to prevent attacks at the source. Opening infected email attachments or links is the primary avenue for introducing ransomware into the organization. Training employees to identify and avoid phishing and bad email attachments/links can stop ransomware.

5. Disable User Access to Mailboxes

If there does happen to be an attack on your company’s email accounts, you’ll want to immediately disable all user access to mailboxes, so that further risks are mitigated.
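One way to carry out this containment step in Exchange Online, shown as an added example that is not from the original post or from Cyren. It assumes the ExchangeOnlineManagement module is installed and that the incident responders have listed the affected accounts in a text file; the file names `affected-users.txt` and `cas-settings-before.csv` are hypothetical.

```powershell
# Added example: cut client access to affected mailboxes, keeping a rollback snapshot.
param(
    # Hypothetical input: one affected user principal name per line.
    [string]$UserListPath = '.\affected-users.txt',
    # Hypothetical output: the settings as they were before containment.
    [string]$SnapshotPath = '.\cas-settings-before.csv'
)

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

# Client access protocols exposed by Get-CASMailbox / Set-CASMailbox.
$protocols = 'ActiveSyncEnabled', 'OWAEnabled', 'MAPIEnabled',
             'EwsEnabled', 'PopEnabled', 'ImapEnabled'

# Skip blank lines in the list of affected users.
$users = Get-Content -Path $UserListPath | Where-Object { $_.Trim() }

# 1. Record the current state so access can later be restored exactly as it was.
$users | ForEach-Object { Get-CASMailbox -Identity $_ } |
    Select-Object -Property (@('PrimarySmtpAddress') + $protocols) |
    Export-Csv -Path $SnapshotPath -NoTypeInformation

# 2. Turn off every client access protocol for each affected mailbox.
foreach ($user in $users) {
    Set-CASMailbox -Identity $user -ActiveSyncEnabled $false -OWAEnabled $false `
        -MAPIEnabled $false -EwsEnabled $false -PopEnabled $false -ImapEnabled $false
}

# 3. Verify: list any mailbox that still has at least one protocol enabled.
$users | ForEach-Object { Get-CASMailbox -Identity $_ } | Where-Object {
    $mailbox = $_
    $protocols | Where-Object { $mailbox.$_ -eq $true }
} | Select-Object PrimarySmtpAddress
```

An empty result from the last step means every listed mailbox has all six protocols disabled; the CSV snapshot is what you restore from once the affected devices are clean.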

6. Remove Malware From Affected Devices

Once a device is infected, you will want to make sure any malware is removed from it. This may involve using software to deep-scan the device and delete anything it deems an issue.

7. Report the Attack

In order to keep others safe from similar attacks, you will want to report any cyber incidents.

8. Utilize Ransomware Protection Software like Cyren Inbox Security

Ransomware protection software like Cyren Inbox Security continuously monitors Office 365 inboxes and automatically remediates advanced email phishing attacks that evade secure email gateways (SEGs). Unlike the one-time pass done by SEGs, Cyren utilizes Office 365’s native API integration to continually look for threats, helping protect against evasive phishing attacks.

How Microsoft 365 is Protected from Ransomware

Microsoft has four built-in mechanisms that protect Microsoft 365 data from ransomware attacks. Let’s explore these different options and how they can help you protect your enterprise.

1. Detection and Filtering

These features are included and enabled in Microsoft 365 plans. Exchange Online Protection (EOP) scans incoming email and filters out phishing emails and infected attachments. SharePoint/OneDrive has a built-in anti-malware engine that scans all suspicious files as they are uploaded or accessed. It then deletes and blocks them if malware is detected.

2. File Versioning

File versioning is also available for SharePoint and OneDrive in Microsoft O365 plans. Standard versioning has limitations; for example, any user who has edit rights to a file can delete its version history. These limitations can be resolved by utilizing the Compliance Center retention policies.

3. (Post-deletion) Recovery Capabilities

These capabilities enable admins to recover anything permanently deleted from Exchange Online, SharePoint or OneDrive within 25-30 days after deletion.

4. Sandboxing

Sandboxing is available in Microsoft ATP. Among other features, ATP monitors suspicious email attachments within a safe environment to detect unknown, zero-day threats.

Final Thoughts

Ready to learn more about how you can protect your business from O365 ransomware attacks? Get a demo with the Cyren team today.

Aug 9, 2022 | Office 365
