Be careful of what you sync to your Office 365 account

Be careful of what you sync to your Office 365 account

With the widespread adoption of cloud computing, security experts are concerned about the growing trend of ransomware in the cloud as well as ransomware on-premise. While ransomware typically holds local devices hostage, advanced strains of malware are targeting cloud-based productivity suites like Office 365 to hit more users working with valuable data.

How it works

Office 365 data is usually stored and accessed in the cloud, but if users enable offline syncing, the cloud platform retains local copies on your PC. This feature allows employees to work while they’re disconnected from the internet, and upload any changes to the cloud once they’re back online.

That means if the local version of your Office 365 document is infected with ransomware, your computer could accidentally upload corrupted files to your cloud system. And once the infection goes airborne, there’s a good chance other employees could accidentally download the ransomware-ridden file to their own hard drive.

In 2016, the Cerber ransomware caused similar issues. The malware was delivered via email with a file booby-trapped with malicious code. If the user is tricked into opening the document, the embedded code encrypts PCs; and if they were unlucky enough to have offline sync enabled in Office 365, the corruption would spread to their cloud data.

Even though Microsoft has released updates to deal with Cerber, new ransomware variations will probably show up to exploit offline sync vulnerabilities.

The solution

If the ransomware does manage to encrypt your computer, do not give in to the hacker’s demands -- there’s no guarantee that your data will be returned safely once you’ve paid. And even if the criminal does deliver on their promise, there’s a chance they took sensitive information from your business and sold it to the black market.

When you’re dealing with a ransomware-infected devices, security companies like Trend Micro and Kaspersky offer decryption solutions for a variety of known ransomware families, including Cerber and Cryptolocker.

The best defense against these attacks, however, is by avoiding them entirely. Stop the infection from spreading into your cloud by disabling ActiveSync and OneDrive for Business Sync. Then, use antivirus software and other threat detection tools to scan for and quarantine the ransomware. If employees are working in remote locations and need to sync offline, you should train your staff to run full system scans first before syncing their files to the cloud.

It’s also a good idea to have a secondary backup to your Office 365. Cloud backup solutions save ransomware-free versions of your files periodically in multiple data centers, adding an extra layer of data redundancy and allowing you to recover your files should your Office 365 system get infected.

Last but not least, consider working with a trusted managed services provider. Not only do they monitor your systems for ransomware and other web-based attacks, they also provide support for your Office 365 and cloud backup solutions.

Just like we predicted in our cybersecurity forecast, ransomware variations will continue to develop throughout the year. But if you proactively manage the security of your in-house hardware and cloud infrastructure, these threats won’t cripple your organization.

Ransomware infections can spread like wildfire, and we’re here to put it out. Contact our leading managed IT services in Atlanta at www.intelligis.com today.