Despite warnings from cyber-security experts, ransomware keeps racking up victims. With new security capabilities for Office 365, Microsoft is offering users ways to fight back.
Ransomware is a prime example of how cyber-criminals are not only weaponizing software exploits, but also monetizing them. Once it gains a foothold on a victim's system—typically a Windows PC—ransomware encrypts a user's data, holding it hostage until a ransom is paid in return for the decryption key.
Last month, the City of Atlanta was hit by a large-scale ransomware attack. Mayor Keisha Bottoms confirmed on March 22 that a number of the city's IT systems, including some customer-facing applications involving the courts and bill-payment systems, had been affected. The attackers demanded $51,000 in ransom, payable in Bitcoin.
According to the 2018 IBM X-Force Threat Intelligence Index, ransomware is on the rise and making it difficult to gauge the current state of the cybercrime landscape. Although data collected by Big Blue's security research unit shows that the number of stolen customer records dropped to 2.9 billion in 2017, a 25 percent decrease compared to 2016, ransomware muddies the waters since organizations are not required to report this type of cyber-attack.
Beginning April 5, Office 365 Home and Personal users who store their files on OneDrive have a measure of protection against this threat. "Office 365 can now detect ransomware attacks and help you restore your OneDrive to a point before files were compromised, so you don't have to submit to cyber-criminal demands," blogged Kirk Koenigsbauer, corporate vice president of Microsoft Office.
"If an attack is detected, you will be alerted through an email, mobile, or desktop notification and guided through a recovery process where you’ll find the date and time of attack preselected in Files Restore, making the process simple and easy to use," continued Koenigsbauer. "As these threats evolve, we are continuously improving detection capabilities to help keep you safe from the most advanced ransomware."
Microsoft also brought its Files Restore feature to consumer OneDrive accounts. Previously available in OneDrive for Business accounts, the feature allows users to restore an entire OneDrive file repository to a previous point in time, up to 30 days, said Koenigsbauer. This helps users recover from ransomware, as well as file corruption, accidental erasure and other mishaps that can lead to data loss.
Over the next few weeks, OneDrive users will also gain the ability to password protect OneDrive links to shared files. Meanwhile, Outlook.com will begin offering built-in email encryption and a Prevent Forwarding option that restricts email recipients from forwarding sensitive emails and their attachments to a third party.
Finally, in the second half of 2018, Microsoft will add a security-enhancing link checking feature to Word, Excel, and PowerPoint. When users click on an embedded links to websites that serve up malware or are associated with phishing scams, the apps will point users to a warning screen that alerts them to the threat and urges them to turn back.