Microsoft works hard to update and secure its full-featured office productivity suite, Office 365. But because it is one of the most widely used office productivity suites in the world (more than 85 million active users worldwide and growing), it is also a target for hackers and thieves.
What can ransomware do to Office 365?
When we think of ransomware in Office 365, we usually think of a program that encrypts or restricts access to critical business systems until a ransom is paid. This is one type of ransomware, and it can cost businesses a lot of money. According to last year’s Ransomware report from Datto, 75% of respondents reported their clients suffered business-threatening downtime in the past year.
But ransomware can also be used to steal your data, including your critical data like customer information, research and development, financial data, and other protected information. For example, ransomware may be used to access your confidential trade secrets and threaten to expose them. It may be used to access customer financial information with a threat to sell it on the black market to the highest bidder.
Ransomware in Office 365 can interfere with your business operations or steal sensitive data from your company.
How does ransomware attack an Office 365 application?
The genius and the danger (depending on your point of view) of a ransomware attack is that criminals do not need to find a way to penetrate Microsoft’s protection layers to carry out their extortion attack. Instead, criminals often use social engineering schemes. For example, they can use a phishing scam. Verizon’s 2016 Data Breach Investigation Report revealed that phishing emails have an average open rate of 30%.
At the highest level, there are three main components to most ransomware attacks:
- Find a way in
- Land and expand
- Encrypt and ransom
Find a way in: Often the easiest way to trigger a ransomware attack is social engineering, which requires tricking an end user into opening an email that contains ransomware, which then executes malicious code. Ransomware will masquerade as links to software updates or as macros.
Your legitimate user (who unknowingly acts as a security vulnerability) receives a message from an address that appears to be legitimate. The seemingly official correspondence includes a Trojan whose payload is disguised as a legitimate file.
Land and expand: Once your organization’s system has been breached, ransomware is built to expand quickly, locking down as much of your system as possible. Ransomware can be programmed to search for critical files locally, on the network, and in the cloud. It can contact command and control services, and finally, it can utilize access to spread to other machines. With Office 365 and other cloud apps, ransomware can easily propagate through sharing. Collaboration tools such as SharePoint Online and OneDrive for Business can inadvertently spread ransomware across multiple users, systems, and shared documents. The impact can be full access to your organization’s data, email, and potential data leaks or data destruction.
Encrypt and ransom: Finally, ransomware, unlike other types of malware, will encrypt your files or lock down your system. Infected end user devices will receive a message that their data is being held for ransom. Hackers typically demand payment in cryptocurrency to unlock or release victims’ systems and data. However, there is no guarantee that the hacker has not damaged your data or will return control to your organization. As often as not, your data is destroyed and inaccessible even after the ransom has been paid!
Is it possible to prevent a ransomware attack?
Unfortunately, ransomware is a rampant problem in the business IT environment. Datto surveyed 1,100 IT service providers about ransomware and cybersecurity and found that 94% reported ransomware infection despite having antivirus software in place. While antivirus and information security platforms can do a lot to help protect your systems from malware, they don’t have a great track record for preventing ransomware in Office 365.
What can protect my business from ransomware?
The best protection against ransomware is frequent, reliable, secure data backups. When the data is backed up frequently, old (uninfected) data can be easily restored to replace data that’s blocked or infected with ransomware.
It’s important to note that ransomware, like many other forms of malware, can remain dormant in the system for a period of time before activating itself. Therefore, a backup system should retain several months’ worth of backups in order to provide good protection from ransomware.
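To make the dormancy point concrete, the following added example (not part of the original article) models which retained backups predate an infection that sat dormant for a given number of days. The tiered retention policies and dormancy values are assumptions chosen for illustration.

```python
# Added example: ages are days before "today" (the day the ransomware activates).
# The tier values below are assumptions, not recommendations from the article.

def snapshot_ages(policy):
    """Ages in days of every snapshot still retained.

    policy is a list of (interval_days, count) tiers: keep `count`
    snapshots spaced `interval_days` apart, counting back from today.
    """
    return sorted({k * interval for interval, count in policy for k in range(count)})


def assess(policy, dormant_days):
    """Split retained snapshots into infected and clean for a given dormancy.

    The infection landed `dormant_days` before activation, so only a
    snapshot strictly older than that is trusted as a restore point.
    """
    ages = snapshot_ages(policy)
    clean = [a for a in ages if a > dormant_days]
    return {
        "retained": len(ages),
        "infected": len(ages) - len(clean),
        # Newest clean snapshot = least work lost on restore.
        "restore_age_days": min(clean) if clean else None,
    }


DAILY_ONLY = [(1, 30)]                    # 30 daily snapshots
TIERED = [(1, 30), (7, 12), (30, 6)]      # plus 12 weekly and 6 monthly

if __name__ == "__main__":
    for name, policy in (("daily-only", DAILY_ONLY), ("tiered", TIERED)):
        for dormant in (10, 45, 100):
            r = assess(policy, dormant)
            verdict = ("no clean restore point" if r["restore_age_days"] is None
                       else f"restore from {r['restore_age_days']} days ago")
            print(f"{name:10} dormant={dormant:3}d "
                  f"infected={r['infected']}/{r['retained']} -> {verdict}")
```

With a 45-day dormancy, every snapshot in the 30-day daily-only policy already contains the dormant malware, while the tiered policy still holds a clean weekly snapshot.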