Office 365 & Ransomware: The Lurking Threat

For small to midsized businesses, Microsoft Windows-based systems remain dominant. Windows continues to be the operating system most widely used on desktops and laptops. And Microsoft Office remains the most widely used work office suite. So it’s no surprise that Windows systems remain the top target for ransomware, too. A stunning 100% of IT professionals reported they had seen Windows systems infected by ransomware. Ransomware typically encrypts your files and promises to decrypt data after a ransom payment.

The collaborative capabilities of Office 365 make ransomware defense more challenging. Before Office 365, you wrote a Word document on your laptop, saved it on your system or file server, then emailed it as an attachment to share outside your organization. Copies of your file could exist in several places: your laptop, a file storage server, your sent email, and the inbox of the recipient.

Thanks to shared files and OneDrive sync, your files may be in more places than ever. A user that shares a document with colleagues can end up with copies on multiple laptops. Each person with editing access might sync a copy to their system. When one person gets ransomware, files get encrypted — then the encrypted versions sync through to everyone else. The same is true for Sharepoint Online. As most business-critical data is created in Sharepoint Online libraries, it’s important to note that ransomware is easily spread there via the sync client.

In fact, 29% of IT professionals reported that their clients had encountered ransomware that targeted Office 365. It takes just one visit to a malicious site, one accidental download, or one infected attachment to unleash ransomware. The following strategies and tactics will help reduce your ransomware risk.

Update to Reduce Ransomware Risks

Ransomware defense begins with an up-to-date operating system, an up-to-date browser, and up-to-date patches. For a single user, that’s relatively easy to achieve. But businesses must manage a large number of devices. While tools exist to help upgrade, update, and patch systems at scale, too often administrators leave things alone. In the real world, we see out-of-date, unpatched software more than necessary. So review the following items to reduce your ransomware risk wherever possible.

Operating System

Microsoft system requirements list Windows 7 Service Pack 1 as the oldest desktop operating system suggested for Office 365. Remember, though, that Microsoft first released Windows 7 in 2009, and that mainstream support for it ended in January 2015. The first step is simple: run Windows 10 to reduce your ransomware risk. Microsoft found that “devices running Windows 10 are 58% less likely to encounter ransomware than when running Windows 7” in a “Ransomware Protection in Windows 10 Anniversary Update” report.

Browser

Microsoft built Office 365 to work with a variety of browsers, including Chrome, Firefox, and Safari, as well as Internet Explorer and Microsoft Edge. If you deploy Chrome, Firefox, or Safari in your environment, make sure these stay current, as well. Google updates Chrome about every six weeks, while Mozilla releases a new version of Firefox roughly every six to eight weeks. A once or twice-a-year browser deployment leaves people needlessly vulnerable to known and patched problems. Of Microsoft’s two browsers, choose Edge to reduce ransomware risks. Edge lacks support for some legacy features, such as ActiveX, that increased the potential for security problems in Internet Explorer. If you use Internet Explorer, upgrade to Internet Explorer 11, which will run on Windows 7 Service Pack 1 systems and all newer Windows operating systems.

Patches

Finally, while it may seem obvious, apply patches promptly. Ransomware and other malware pursue multiple paths around defenses—so it’s not enough to just update to devices monthly. An unpatched laptop that connects to your network, servers, or OneDrive today, may deliver malicious code to encrypt every file it can find tomorrow. So patch promptly. As a piece of mind, all of our Managed Services clients have these preventative measures in place to protect our clients from Ransomware. Click here if you are interested in learning more about these managed IT services.