Ransomware is continually evolving. It has become the “most prominent malware threat”, with experts estimating that ransomware attacks in 2021 resulted in total damage costs of $20 billion. While there is no ransomware that specifically targets Office 365 data, it can still affect Exchange Online, Sharepoint Online, and other cloud data. We can expect ransomware criminals to increasingly utilize cloud applications in the future, so now is the time to start preparing. Let’s discover how ransomware can impact Office 365 and how one can recover from this kind of attack.
Ways Ransomware Can Affect Office 365
Unfortunately, the FBI’s Internet Crime Complaint Center reported 2,084 ransomware complaints from January to July 31, 2021 – representing a 62% year-over-year increase. While it’s not reported how many of these attacks were Office 365-related, there are many ways that ransomware can impact your Office 365 account.
Entry Point for Phishing
Email phishing is the most prominent type of ransomware attack. Criminals utilize Microsoft 365 Exchange Online to infect users’ devices by sending messages that contain infected attachments or links to malware.
Spread More Rapidly
After infecting the first machine through Exchange Online or another vector, ransomware can easily spread further within the organization. Most ransomware strains rely on spreading the following ways:
- Harvesting Credentials and Passwords: Cybercriminals can easily harvest credentials that are stored on infected machines to access other systems.
- Network Scanning: Scanning networks can help to identify & prioritize critical data sources to target.
- Exploiting Vulnerabilities: Exploiting local network protocols vulnerabilities helps to spread ransomware in order to attack other machines.
8 Tips to Prevention and Recovery from Ransomware Attacks
1. Implement Two-Factor Authentication
In order to strengthen access requirements, and lessen the chance of being hit by ransomware or malware, make sure two-factor authentication is enabled.
2. Backing Up Your Microsoft 365 Data
Cloud data is your business’ responsibility and it is recommended that organizations using Office 365 implement some type of third-party backup as well as a data protection mechanism. Making backups definitely increases your ability to recover from a ransomware attack.
3. Verify Your Backups
In addition to making the backup in the first place, it is important to consistently verify that the backups are complete on a weekly or daily basis, depending on how much data your company works with.
4. User Education
User education is the best way to prevent attacks from the core. Opening email attachments or other links that are infected is the primary avenue for introducing ransomware into the organization. Training employees to identify and avoid phishing and bad email attachments/links can stop ransomware.
5. Disable User Access to Mailboxes
If there does happen to be an attack on your company’s email accounts, you’ll want to immediately disable all user access to mailboxes, so that further risks are mitigated.
6. Remove Malware From Affected Devices
Once a device is already infected, you will want to make sure any malware is removed from the device. This may involve using a software to deep scan the device and delete anything it may deem an issue.
7. Report the Attack
In order to keep others safe from similar attacks, you will want to report any cyber incidents.
8. Utilize Ransomware Protection Software like Cyren Inbox Security
Ransomware protection softwares like Cyren Inbox Security continuously monitor Office 365 inboxes and automatically remediate advanced email phishing attacks that evade SEGs. Unlike one-time passes done by SEGs, Cyren utilizes Office 365’s native API integration to continually look for threats – helping protect from evasive phishing attacks.
How Microsoft 365 is Protected from Ransomware
Microsoft has four built-in mechanisms that protect Microsoft 365 data from ransomware attacks. Let’s explore these different options and how they can help you protect your enterprise.
1. Detection and Filtering
These features are included and enabled in Microsoft 365 plans. Exchange Online Protection (EOP) works to scan, receive, email, and filter phishing emails and infected attachments. SharePoint/OneDrive has a built-in anti-malware engine that scans all suspicious files as they are uploaded or accessed. It then deletes and blocks them if malware is detected.
2. File Versioning
File versioning is also available for SharePoint and OneDrive in Microsoft O365 plans. Standard versioning has different limitations, such as how any user who has edit rights to the file can delete the version history. These limitations can be resolved by utilizing the Compliance Center retention policies.
3. (Post-deletion) Recovery Capabilities
These capabilities can enable admins to recover anything permanently deleted from Exchange Online, SharePoint or OneDrive within 25-30 days after deletion.
Sandboxing is available in Microsoft ATP. Amongst other features, ATP monitors suspicious email attachments within a safe environment, to detect unknown, zero-day phishing threats.
Ready to learn more about how you can protect your business from O365 ransomware attacks? Get a demo with the Cyren team today.