Ransom Cloud & MS Office 365
With Ransomware, Bitcoin and strategies on how to protect ourselves becoming a daily topic around the watercooler; how safe are we? Antivirus, antimalware, in-cloud inspection are only as good as the patterns they are aware of. We protect our local data and critical systems by making backups of backups just to be able to recover from a ransomware attack and not pay the ransom. Then there is the cloud; Email, documents, databases and how safe are they? For the small to medium size business the term cloud gives end users and management a false sense of security that things are “OK”, providing the sense that we are immune to the vulnerabilities of local data.
I hate to be a bearer of bad news but there is hope – just keep on reading. Lately ethical hackers have developed and tested, a ‘ransom cloud’ strain that specifically targets Office 365 email users (cloud). The most common ransomware delivery tactics utilize social engineering in giving hackers full access to the email account. Once the targeted user clicks the link in the email, it really is game over. Within minutes the entire mailbox, emails and attachments are encrypted in real time. In addition, the infected mailbox receives a ransom email containing instructions on how to recover the data.
As per the graphic below, the encrypted emails are highlighted and the associated recovery instructions are detailed. Scary, isn’t it?
If the user does not have a proper backup of the .OST or .PST file there really is no easy way to recover them. Pay and pray is the way.
Can this be avoided? Maybe. It is getting harder for users to identify what is real and what is fake among the hundreds of emails they receive daily. We can certainly train our users and expose them to simulated threats and capture statistics, but this is typically not a priority. The best way to protect ones self is to always have a backup of all your emails. Old school, we used to that with .PST files when we had size limits on our mailboxes. New school, there are now solutions that will seamlessly backup your Office 365 emails directly from cloud to cloud, by maintaining potentially infinite number of restore points and providing instant recovery of emails. Can we prevent users from being ‘infected’, not really, but we must never stop trying. There are no tools or software that will stop the ‘click’.
What we can do; however, is give users a little more assurance that if things go sideways, there is an easier way to recover and it does not require Bitcoins. Please remember that this attack vector has been kept in the lab, so far; and when it does escape into the wild, we will be a little more cognizant of its existence. Furthermore, it is most likely that OneDrive will be targeted next.
Remember, think before you click!
If you have any questions regarding cloud email best practices, including how to protect your environment please contact Lanworks, we are always here with customer tested and customer proven solutions.