
Ransomware & social engineering — Will OneDrive have your back?

March 26, 2020 Ann Rosen, Director, Product Marketing

Bad actors stop at nothing to try to corrupt, steal, or encrypt your data. As health concerns continue to mount, bad actors prey on our worst fears and anxieties to spread malware globally, via fraudulent emails and website domains containing key search terms. Corona ransomware has already been discovered and is spreading via socially engineered attacks.

Sadly, we can expect these social engineering tactics to further propagate because they are most effective when major world events, such as the global pandemic we face, are driving users to seek answers wherever they can find them. These criminals are feeding off of the most primal human fears, leading innocent people to let their guard down, open emails, and look at domains in the hope of keeping themselves and their families safe.

Are your employees being socially engineered?

At times like these, this risk is higher than ever, and we should all be on high alert. Employees must make every effort to be vigilant. InfoSec and IT should ramp up their efforts and employee education as well. While we look to health authorities to share their expertise and provide guidance on protecting ourselves from the pandemic itself, we did want to share a few thoughts on protecting your data from new ransomware spread by Corona fears, and really from any ransomware.

We believe in a two-pronged approach to ransomware protection: prevention and recovery.

  • Ransomware prevention:
    The first line of defense against the spread of ransomware is ensuring your organization has mechanisms in place to prevent the proliferation of ransomware into your environment, whether your data resides on-premises, in the cloud, or both. In addition to elevated employee education, there are many vendors out there offering solutions to protect your perimeter from ransomware. Providers of cloud applications, like Office 365, include ransomware prevention tools in their solutions. But no prevention is foolproof. The bad actors are unfortunately quite innovative and continue to release new, previously unknown threats. Hence we keep seeing ransomware attacks make the headlines, in spite of strong defense mechanisms in place.
  • Ransomware recovery strategy:
    We at Druva have a front-row seat to these ransomware attacks. Many of them don’t make it into the headlines, for obvious reasons. We know when our customers discover that their cloud application data has been infected by ransomware because they use Druva to recover their lost data. This brings us to the second, and very important, element in your cyber-resilience strategy. In the event that a ransomware attack breaks through your prevention tools, you must have a data recovery strategy in place. It is widely recognized that a solid backup strategy is the best line of defense when your data is corrupted and locked by ransomware.
    But here is the catch: not just any backup will do. Your backup solution must be fully isolated, or ‘air-gapped’, from your primary data environment. Otherwise, your backup data may also get infected by the ransomware and you will have no clean data to recover from. In other words, your data may be lost forever.

The UK National Cyber Security Centre (NCSC) has just revised its recommendations regarding ransomware recovery, in light of recent attacks. These recommendations were highlighted in a ZDNet article, ‘Ransomware victims thought their backups were safe. They were wrong.’ NCSC emphasizes that not only must businesses maintain a backup of their data, but also that they should ensure those backups are kept separate from their network; for example, in a cloud backup service dedicated to this purpose.

NCSC further cautioned that cloud-syncing services, like Microsoft OneDrive, SharePoint, or Dropbox, should not be relied upon as your only backup, since these services utilize synchronization technologies. They may therefore themselves get corrupted by ransomware as a result of synchronizing with an infected file, essentially leaving you with no recourse to recover your data in the event of a ransomware attack.

We at Druva are here to help any company looking to improve its cyber-resilience through a robust ransomware recovery strategy. Risk profiles are elevated during this time when many business users are working from home and using their devices remotely. Protecting end-user devices and data is more important than ever before.

We invite you to try our cloud backup solution for free, so you too can have peace of mind and fall back on pristine backup data if ransomware strikes. You can learn more about our Office 365 backup solution and our Endpoints data protection solution, so you can fully protect your environment, including Office 365 OneDrive, and end-user devices, against ransomware and other data loss threats.
