Healthy IT System, Happy Business!

Ransomware vs Business – The Terrain of Dispute: Cloud – Microsoft OneDrive.

A confrontation like a Champions League final, a match with potential finality for the host team, which is always decided in extra time and in which the protagonists do not rely on the weaknesses of the opponent but on how well they have each prepared.

We’ll see what the camp consists of next…

Yes, ransomware can infect OneDrive.

Although OneDrive has built-in security measures to protect your files, ransomware still has ways to get through.

For example, if you click on a malicious link or open an attachment, your computer will not be able to read it. could be infected with ransomware. Once the computer is infected, ransomware may be able to encrypt OneDrive files and demand a ransom to decrypt them. To protect yourself from this type of attack, it is important to be cautious when clicking on links or opening email attachments. You should also have good antivirus software installed on your computer.

The ransomware myth and OneDrive:

Ransomware is malicious software that encrypts files on a victim’s computer, making them inaccessible. Ransomware then demands a ransom from the victim to decrypt the files. Although ransomware attacks have been around for many years, they have become more prevalent due to the popularity of cloud storage services such as OneDrive. Because users often store critical files in the cloud, ransomware attackers see these services as prime targets. It is therefore essential to understand that although cloud storage services are convenient and usually very reliable, they are not immune to ransomware attacks. If you store important files in OneDrive (or any other cloud storage service), make sure you regularly back them up to a location other than where you currently do business, so you can recover your files.

Ransomware infects OneDrive:

Ransomware is malware that can encrypt your files and make them inaccessible until you pay a ransom. Ransomware can infect any file, including those stored on OneDrive. Although OneDrive offers some protection against ransomware, it is not secure. It is essential to enable two-factor authentication and be aware of certain signs that could indicate that your account has been compromised. Ransomware is usually spread through phishing emails or malicious websites.

Fortunately, there are steps you can take to protect yourself from ransomware. For example, you can use a reliable antivirus program and make sure you keep your software up-to-date. When you download an ad-on or extension for your browser. web, it is essential to be aware of the potential risks. Some malicious extensions will ask for permission to access OneDrive, which can be an entry point for a ransomware infection. OneDrive has built-in ransomware detection, which can notify you if your files have been compromised. appear to be encrypted or mass deleted.

Recommendations for keeping OneDrive folders protected:

Protect administrator/user login data: the Microsoft 365 administrator account is the key to storing an organization’s data in OneDrive. By stealing an administrator’s credentials, an attacker can access and damage all of an organization’s data, infecting files in OneDrive’s shared storage. This can also affect other users accessing the shared storage. It is therefore essential to protect both administrator and user credentials to prevent data loss and infection.
Enable two-factor authentication: this additional security measure requires you to enter a code from your phone or other device in addition to your password when you log in, making it more difficult for someone to hack into your account. Enabling two-factor authentication can help protect you from having your account stolen and locked.
Protect all computers in your organisation: protect your computers with antivirus and anti-malware software. By installing and configuring these programs, you can reduce the risk of ransomware infection and protect your OneDrive folders from encryption. Don’t forget to extend this protection to servers and virtual machines.
Stop execution of files in “appdata”, localappdata”: block execution of files stored in appdata and localappdata. By default, these directories are used by Windows applications to store data.
Lock “Macros” in Microsoft Office: Macros are small programs that can be embedded in Microsoft Office documents. They are commonly used to automate simple tasks such as entering data.
Perform all software updates: one of the most important things you can keep up-to-date. Software updates often include security fixes that fix known vulnerabilities. If attackers don’t find any weaknesses in your system, they will move on to someone else who is an easier target.
Educate your staff members: attackers often assume that users are inexperienced and download all attachments to emails, open files and click on all links. The IT department’s job is to tell users about threats and teach them to identify suspicious content. The most popular ransomware attack vector is sending phishing emails to users. A malicious link looks like a legitimate link, but redirects the user to download and install ransomware. Hover your cursor over the link and check the spelling of the URL. If even one character is wrong, avoid clicking on the link. Another tip is to never open ransomware email attachments. These files can encrypt your data and demand a ransom for the decryption key. Be especially careful with email attachments with these file extensions: .exe, .vbs, .docm and .js. Finally, make sure you have robust backup and disaster recovery solutions to quickly recover your data if you become a victim of ransomware.
Use Microsoft Exchange Online Protection: As ransomware and other email-borne threats continue to evolve, it’s more important than ever to have a robust email security solution. Exchange Online Protection is a native Microsoft 365 tool that can help you set up additional protection filters, such as the secure link filter and secure attachment filter. In addition, you can use Exchange Online Protection to block active content in attachments, such as macros in Word/Excel documents, VBScript and JavaScript.
Use cloud protection systems: enable Microsoft 365 Defender in your environment. Microsoft 365. Microsoft 365 Defender is a new name for Office 365 Advanced Threat Protection (Microsoft Defender for Office 365). The main features of Microsoft 365 Defender are intelligent threat detection, automated investigation and integrated protection against sophisticated ransomware attacks. Microsoft 365 Defender can be configured in the Microsoft 365 Security Center.
Use version – backup and data recovery strategy: OneDrive can be a valuable tool in this regard, as it can restore previous versions of files that have been modified or deleted. By selecting a previous version of the file, you can recover the necessary files without paying the ransom.
Set retention policies: retention policies define how long data is kept after it has been deleted, giving you time to restore any lost or damaged files. You can also use retention policies to ensure that old data is automatically deleted after a certain period, freeing up storage space and reducing costs.
Store backups in a safe place: with the growing threat of ransomware, it is more important than ever to store backups in a safe place. A backup repository must be well protected and not shared with other users (it should only be accessible by backup software and administrators). The best way to protect your backups is to store them in the cloud or on-premises separately from your primary data. This will ensure that, if your data is not available. primary backups are encrypted by ransomware, you will still have access to the backups.