Ransomware is becoming more prevalent in the South African market. Many vendors are attempting to assist with the remediation and prevention process. I would like to shed some light on how OneDrive has implemented ransomware detection in its systems. Microsoft has implemented a 4-step process. When Office 365 detects a ransomware attack, you will receive an email from the Microsoft Security team.
Here are the steps:
- You will receive an email notifying you. Follow the email and it will take you through the recovery process.
- Confirm whether your files have been infected.
- Clean all your devices connected to OneDrive.
- Restore OneDrive.
Here is an example of the notification:
Or if you go to view your data online, you may get this prompt should the system find signs of the threat.
Here is a full rundown from Microsoft.
Ransomware is not something that can be stopped outright, given the various vulnerabilities available. However, you can take measures to prevent it, such as mail filtering and ensuring all machines and devices are patched. Patching of devices also needs to be monitored, as vulnerabilities arise from new patches as well. DNS monitoring is important: when you are exposed to ransomware, it calls back to an internet server. If your DNS is monitored, it will pick up that some external source is attempting to connect, and that may just buy you enough time to roll back the system.
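To illustrate the DNS monitoring point above, here is an added example (not from Microsoft or the original post) that compares a day's DNS queries against a baseline and reports, per client, any domain that was never looked up before. The log format, IP addresses and domain names are constructed for illustration, and grouping by the last two labels is a simplifying assumption.

```python
from collections import defaultdict

# Constructed sample logs: "<ISO timestamp> <client IP> <queried name>"
BASELINE_LOG = """\
2024-05-01T08:00:01 10.0.0.5 outlook.office365.com
2024-05-01T08:00:02 10.0.0.5 contoso-my.sharepoint.com
2024-05-01T08:00:05 10.0.0.7 login.microsoftonline.com
"""
TODAY_LOG = """\
2024-05-02T09:15:00 10.0.0.5 outlook.office365.com
2024-05-02T09:15:03 10.0.0.7 a9f3k2.example-callback.test
2024-05-02T09:15:04 10.0.0.7 a9f3k2.example-callback.test
2024-05-02T09:15:09 10.0.0.7 login.microsoftonline.com
malformed line
"""

def parent_domain(qname):
    """Group by the last two labels (assumption: no public-suffix handling)."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def parse(log_text):
    """Yield (timestamp, client, parent domain); skip lines without three fields."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 3:
            yield parts[0], parts[1], parent_domain(parts[2])

def never_seen_before(baseline_log, new_log):
    """Return {client: {domain: first timestamp}} for domains absent from the baseline."""
    known = {domain for _, _, domain in parse(baseline_log)}
    alerts = defaultdict(dict)
    for ts, client, domain in parse(new_log):
        if domain not in known:
            # Keep only the first sighting so repeated lookups raise one alert.
            alerts[client].setdefault(domain, ts)
    return dict(alerts)

if __name__ == "__main__":
    for client, domains in never_seen_before(BASELINE_LOG, TODAY_LOG).items():
        for domain, ts in domains.items():
            print(f"{ts} {client} first lookup of {domain}")
```

The timestamp of the first lookup tells you which machine to isolate and the point in time to roll back to.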
Ensure backups are done regularly on your systems. Here are some guides to get you set up for prevention. Always remember, “prevention is better than cure!”