Congratulations! You have finally migrated all your data into cloud storage, and no longer have to worry about outgrowing your storage solution or the possibility of losing information because of hardware failure. While this is a great relief to you, it is important that you not let your guard down in relation to ransomware. Just because your data is no longer on-site doesn’t mean it is safe from ransomware.
We’ve discussed previously how ransomware works, encrypting data files and holding them hostage until a ransom is paid. That ransomware usually gets on your network through email. A few ways ransomware can access your network are through a download of an email attachment, a malicious link that a user clicks on, or a removable drive.
So, now your user’s computer has this ransomware on it, and it’s starting to encrypt the files on the computer. As it encrypts the files, the cloud sync sees it as a changed file, and synchronizes it to your cloud data. Other computers that are synced to that cloud data see the changed data and pull it down to synchronize on their computers. In this fashion the malware spreads like a wildfire, and before you know it, your data in the cloud is encrypted and unavailable to you. The cloud has not saved you.
However, it doesn’t have to be this way. If you have been following our blogs, you know we’ve previously discussed backups and business continuity; these are things that can save your bacon, but only if you have already implemented them. Let’s have a quick refresher, shall we?
Check if your cloud service has versioning, and that it’s been enabled if they do. If so, you may be able to roll back to a previously known acceptable version. This may not be available with the cloud service you are using, so you’ll need to rely on backups for recovery.
Yep, backups. Your data being in the cloud does not remove the need to have your data backed up. The 3-2-1 Backup Rule is to keep at least three copies of your data, and store two backup copies on different storage media, with one of them being located off site. At least one of these backups should be offline, not connected to your network. You can use that offline backup to recover your data, without paying the ransom fee.
Of course, the best solution, as with many things, is prevention.
If you are using Microsoft’s Office 365 cloud solution, you can utilize Microsoft Defender for Office 365. This solution provides anti-malware, anti-phishing, anti-spam, safe links and safe attachments; these tools can help prevent spam and phishing email to get to your users’ mailboxes and cloud storage.
Educating your users regarding social engineering and phishing is a large part of prevention. Some of these emails are designed to appear legitimate, so give your employees the tools they need to discern legitimate email from any spam or phishing email that makes it to their mailbox. What may seem like obvious spam to you may not be as recognizable to your users.
Apply security patches and updates regularly, to both your servers and your users’ computers. Hackers can use these known vulnerabilities to access your systems and have their way with your data, downloading it, encrypting it, or both. You wouldn’t leave your door wide open before going away for vacation; don’t leave your technological doors open either.
Employ virus and malware scanning technology to detect and block threats. The earlier you detect a problem the less damage can be done, and the faster recovery can happen. None of this information is new, but it is important information that should not be taken for granted. We all have a lot of projects on the table. However, we can’t afford to lose sight of the value of our corporate data and must take the appropriate steps to protect it.
Please contact us if you would like to learn more about your options.