Protecting your Office 365 from ransomware
Over the past few years, awareness of ransomware has rocketed. Something that originally sounded like it described the outfits Dick Turpin and his pals donned before hitting the highway, it’s now widely understood to be one of the biggest headaches that a company relying on IT can face. So that’s pretty much any company in the world.
US Deputy Attorney General Rod Rosenstein isn’t downplaying the impact such developments have on his country when he explained that the cost of global cybercrime is set to double, from $3 trillion in 2015 to $6 trillion in 2021. He recognises that a company’s lifeblood is contained in its networks and flow of information contained therein. Sophisticated criminal enterprises or even nation states can target any computer network and cause a huge amount of damage in very little time. It’s truly a global issue. In the States alone, the Department of Justice highlighted that ransomware attacks quadrupled from 1,000 per day in 2015 to more than 4,000 in 2017.
Coincidentally, a large percentage of businesses worldwide have moved from traditional Microsoft products to Office 365, a cloud-based software system that’s revolutionising how people work. No longer do you have to send large attachments that clog up internal networks; now you just share them with one click. Mobile working has never been easier.
Unfortunately, hackers are always up with developments in the IT industry, if not one step ahead. While Microsoft’s official pages will put many users’ minds at rest with a long and detailed description of how their product is safe, in reality, no system is safe in today’s rapidly moving online world.
Pre-arming your system
As you’ll no doubt be aware, the best form of beating any malicious attack is to barricade against it. If your computer is an impenetrable wall that can’t be held to ransom in the first place, you shouldn’t have a problem with ransomware.
A layered approach works best for Office 365 and other cloud apps. The following is an overview of steps you should take to defeat ransomware at the door:
– Provide security awareness and education. Knowledgeable staff are much less susceptible to threats. If they do fall foul of ransomware but know what to do immediately, they will also reduce the risk of the infection spreading.
– Always run antivirus/antimalware software, and ensure it’s up to date. Known ransomware attacks such as Tescrypt, Crowti, Reveton, Nymaim and Troldesh are all protected against on all modern antivirus programs.
– Enable the inbuilt Microsoft Active Protection Service (MAPS). This uses cloud-delivered malware-blocking protection and uses the latest ecosystem-wide detection technologies.
– Regularly backup your files. This classic antivirus tactic is equally effective against ransomware. Enable System Restore, use manual synchronisation methods, or even do it the old-fashioned way by manually moving your files to another drive. Keep backup files in external, non-synced drives.
– Use OneDrive for Business. This will allow you to recover files stored in it.
– Beware of Phishing emails and Malicious attachments. Another solid piece of advice in general. If it looks dodgy – say it contains an exe file or an Office document with macros – don’t open.
– Install Windows Updates. By doing this you’ll ensure new functionalities, features and patches Microsoft have released will be available to you. Windows XP and 2003 are particularly vulnerable. Update them.
– Install the latest Browsers and mail clients. Most Microsoft browsers now have SmartScreen that stops unwitting users visiting malicious websites in the first place. Java is another good one to keep updated.
– Enable file history or system protection
– Use Exchange transport rules to protect against emails with attachments. This will warn users about the risk of macros, and track users who have received a file extension that supports macros.
– Disable macros in Office documents. It’s the simplest, risk-free way to stop untrained staff opening a can of worms.
– Provide end-user training. This is imperative as end users can easily become “malware gateways” into your organisation.
Recovering from a ransomware attack
If the unthinkable does happen and despite your careful preparations you fall foul of a ransomware attack, all is not lost. Recovering your data in Office 365 can be achieved by following this step by step IT contingency plan:
– Go offline. Do this immediately to stop the spread. Unplug Ethernet cables and turn off WiFi. Isolating the infected system is the first step in curing it.
– Restore files with OneDrive for Business. You may be able to simply revert to an earlier, ransomware-free version of a corrupted file, because OneDrive saves file version histories. Use a system that’s not been infected to check this option. This does have limits though, as non-Office files won’t have version histories.
– On-device recovery. Run a complete scan with your security software.
– Restore from backup. This is the only true protection from ransomware. If you’re sure your backed up data is clean, wipe the infected device, reinstall the apps, then replace its contents with the old data.
Recovering from being held to ransom is laborious, costly and stressful. Preventing the attack in the first place can be time-consuming too, but it’s always the better option.
Talk to our IT support team today to discuss how we can help protect your IT services from ransomware. We offer a range of proactive IT support and cybersecurity training options, we operate across the Northwest of England in towns including Macclesfield, Stockport, Cheshire and Manchester.
Click here for CARA’s contact details or click her to visit our IT Security pages
