For small to mid-sized businesses, Microsoft Windows-based systems remain dominant. Windows continues to be the operating system most widely used on desktops and laptops, and Microsoft Office remains the most widely used office suite. So it’s no surprise that Windows systems remain the top target for ransomware, too.
A stunning 100% of IT professionals reported they had seen Windows systems infected by ransomware, according to Datto’s State of the Channel Ransomware Report. Ransomware typically encrypts your files and promises to decrypt the data after a ransom payment.
The collaborative capabilities of Office 365 make ransomware defense more challenging. Before Office 365, you wrote a Word document on your laptop, saved it on your system or file server, then emailed it as an attachment to share outside your organization. Copies of your file could exist in several places: your laptop, a file storage server, your sent email, and the inbox of the recipient. Thanks to shared files and OneDrive sync, your files may be in more places than ever.
Imagine: a user who shares a document with colleagues can end up with copies on multiple laptops. Each person with editing access might sync a copy to their system. When one person gets ransomware, files get encrypted, and then the encrypted versions sync through to everyone else. The same is true for SharePoint Online. As most business-critical data is created in SharePoint Online libraries, it’s important to note that ransomware is easily spread there via the sync client. In fact, 29% of IT professionals reported that their clients had encountered ransomware that targeted Office 365.
It takes just one visit to a malicious site, one accidental download, or one infected attachment to unleash ransomware.
The following strategies and tactics will help reduce your ransomware risk, protect your networks and devices, and ultimately help you recover your data when a ransomware event occurs.
Update! Update! Update! Ransomware defense begins with an up-to-date operating system, an up-to-date browser, and up-to-date patches. For a single user, that’s relatively easy to achieve.
But businesses must manage a large number of devices. While tools exist to help upgrade, update, and patch systems at scale, too often administrators leave things alone. In the real world, we see out-of-date, unpatched software more often than we should. So review the following items to reduce your ransomware risk wherever possible.
Protect Email! Block Email! Don’t Open Suspicious Email! Email attachments often deliver a ransomware payload. “Here’s the file you need,” reads the text of the email, with an attachment. Too often, the recipient opens the file and realizes later that it wasn’t a needed file at all, but a malicious app.
Microsoft gives Office 365 administrators the ability to block any of nearly 100 different file types. The most secure setting would be to simply delete all attachments. Anyone really needing to share files with people could upload a file to OneDrive, then share access. The recipient would receive a notification via email (but not the actual file!) and could then log in to OneDrive to view files “Shared with me”.
You should block files likely to be harmful. According to a Microsoft Security Intelligence Report from June 2016, the file types most often blocked by Office 365 Advanced Threat Protection were Word (.doc, .docm), JavaScript (.js), and executable files (.exe, .scr, .com, .pif, .cpl).
To block these file types, log in to your Office 365 Admin account, select the Security & Compliance tile, choose Threat Management, then Anti-malware. There, you may either edit the default configuration or add additional screening criteria. A core set of executable files is blocked, including the following types: .ace, .ani, .app, .docm, .exe, .jar, .reg, .scr, .vbe, and .vbs. In addition to these defaults, you might also block the following types: .js (JavaScript file extension), .rar (a compressed file type), as well as .cpl and .pif, to protect against the most common concerns.
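The same change can be scripted with Exchange Online PowerShell instead of the admin portal. This is an added example, not part of the original article: it merges the extra types suggested above (.js, .rar, .cpl, .pif) into the existing block list without dropping what is already there. It assumes the ExchangeOnlineManagement module is installed, that the policy to edit is the one named "Default", and uses the placeholder account admin@example.com.

```powershell
# Added example: extend the attachment block list of an Exchange Online
# anti-malware policy with the extra file types named in the article.
# Assumptions: ExchangeOnlineManagement module is installed, the policy is
# named "Default", and admin@example.com is a placeholder admin account.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@example.com'

$policyName = 'Default'
# Extensions to add; the FileTypes list stores them without the leading dot.
$extraTypes = 'js', 'rar', 'cpl', 'pif'

# Read the current policy so existing blocked types are preserved.
$policy  = Get-MalwareFilterPolicy -Identity $policyName
$current = @($policy.FileTypes)

# Normalize (strip dots, lower-case) and de-duplicate the combined list.
$merged = @($current + $extraTypes |
    ForEach-Object { $_.ToString().TrimStart('.').ToLowerInvariant() } |
    Sort-Object -Unique)

# Work out which entries are actually new (-notcontains is case-insensitive).
$added = @($merged | Where-Object { $current -notcontains $_ })

if ($added.Count -eq 0 -and $policy.EnableFileFilter) {
    Write-Output "Policy '$policyName' already blocks: $($extraTypes -join ', ')"
}
else {
    # Append -WhatIf to this line to preview the change before applying it.
    Set-MalwareFilterPolicy -Identity $policyName `
        -EnableFileFilter $true -FileTypes $merged
    Write-Output "File filter enabled on '$policyName'; newly added: $($added -join ', ')"
}

# Read the policy back to confirm the filter is on and the list is complete.
Get-MalwareFilterPolicy -Identity $policyName |
    Select-Object Name, EnableFileFilter,
        @{ Name = 'FileTypes'; Expression = { $_.FileTypes -join ', ' } }

Disconnect-ExchangeOnline -Confirm:$false
```

Passing the merged list matters because `-FileTypes` replaces the stored list rather than appending to it.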
Keep Current – Back Up Your Systems! Overall, keep your systems current, leave less secure legacy browsers behind, and patch your systems promptly. Shield your network with filtered DNS, and similarly rely on Microsoft’s SmartScreen to keep people safe from malicious sites and downloads as they browse. With a few tweaks to Office 365 settings, keep harmful attachments out of email. Above all: back up your data. Rapid recovery of your data and systems is possible after a ransomware attack … but only if you have a backup.
Discover Ransomware? When you discover ransomware on a system, remove the system from the network immediately. Unplug any Ethernet cables and turn off any Wi-Fi connections on the device. If you can’t change the Wi-Fi setting, move the device out of range of your network. Isolate the system to prevent ransomware from infecting other networked systems.