OneDrive
Feedback by UserVoice

I suggest you ...

← OneDrive Archive

Provide Ransomware detection and recovery

We are seeing an increase in this cases of cryptowall and ramsonware, were users see their computers infected with this virus.

The virus will encrypt all user files (jpg, pdf, xlsx,docx, etc.) except system files.

It would be very helpful, to have the option to have OneDrive files restored to a previous date, even if that option was only available at a OneDrive Support level.

If this option is not possible, due to server space to store all info in duplicated, it would be easier from the technical side to block .ccc, .micro, and other known file extensions in OneDrive.

This would preserve the integrity of the user's files stored in OneDrive and add an extra layer of user's files stored in OneDrive.

Thanks,
Alex

2,093 votes
Vote
Sign in
(thinking…)
Sign in with: Facebook Google
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
Alex T. shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →
boom! it's done  ·  Douglas Pearce responded  · 

Big update — Today we’re rolling out ransomware detection & recovery for Office 365 Home & Personal subscribers. We can now detect ransomware attacks and help you restore your OneDrive to a state before files were compromised. If an attack is detected, you will be alerted through an email, mobile, or desktop notification and guided through a recovery process where you’ll be able to restore your files to the state they were in before they were compromised.

To enable the recovery process, we’re bringing over the Files Restore feature from OneDrive for Business to your personal OneDrive account. Files Restore allows you to restore your entire OneDrive to a previous point in time within the last 30 days. In addition to helping recover from an attack, Files Restore helps with an accidental mass delete, file corruption, or other catastrophic event.

For more information, check out our blog post here — https://blogs.office.com/en-us/2018/04/05/defend-yourself-from-cybercrime-with-new-office-365-capabilities/

Show previous admin responses (1)

71 comments

Sign in
(thinking…)
Sign in with: Facebook Google
Forgot password?
Create a password
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Colin commented  ·   ·  Flag as inappropriate

    Annoyingly the previous versions of files is not available via the API either, as it would be trivial to write a script to restore the previous n - 1 versions, or the previous day's state.

  • Simon Limberg commented  ·   ·  Flag as inappropriate

    Also add for entire OneDrive root folder, for full restore to previous days (in case of ransomware attacks and wipers etc).

  • Tomas Szigeti commented  ·   ·  Flag as inappropriate

    Blocking file extensions as proposed is kind of working, yes it blocks the file but there is a limit in how many characters there could be in the blocking file update routine, Microsoft had looked into the matter and told me that it is by design and they can not change that behaviour now so you can't block them all, you have to choose with files to block from the lists on internet. Choose wisely my dear padwan.

  • Johan Bennink commented  ·   ·  Flag as inappropriate

    Doesn't onedrive keep versions of files, so an option to roll back to a specific date for all files or an entire folder or a single file would be enough to restore your files? Or am I mistaken in thinking onedrive stores previous versions of my synced files?

  • Jarrod commented  ·   ·  Flag as inappropriate

    +infinity I just dealt with a client who lost everything thinking he had the right backups in place. All it took was one pc to encrypt the files and sync with one drive and everybody automatically got hit. Local network data was restored but they have practically lost everything cloud based

  • Anonymous commented  ·   ·  Flag as inappropriate

    In https://onedrive.uservoice.com/forums/262982-onedrive/suggestions/6327142-enable-file-versioning-history-for-all-types-of

    you delivered file versioning for all file types. This gives good protection against ransomware and accidental modification.

    However to be usable it is necessary that I can restore a whole directory - I have thousands of files and a 1 by 1 approach will not work.

  • MS fan commented  ·   ·  Flag as inappropriate

    How in the world could this STILL not be a feature, in these days of crytpo ransomware?
    What is the point of backup that does not protect against ransomware, in 2017?
    PLEASE Microsoft!

  • Anonymous commented  ·   ·  Flag as inappropriate

    With the newly announced Files on Demand feature, if a participating device is infected, does the user's life end? could the user be alerted to suspicious activity and offered a rollback to an automatic backup? (heck, versioning would be handy on more things than just docs)

  • Anonymous commented  ·   ·  Flag as inappropriate

    Detecting a ransomware event as suspicious activity would be helpful, and offering a one-click rollback would give peace of mind beyond the current guidance of "back up onedrive to an external drive regularly"

  • Anonymous commented  ·   ·  Flag as inappropriate

    This is going to be particularly important with the newly announced Files On Demand feature

  • Andreas commented  ·   ·  Flag as inappropriate

    Enabling users to block critical file extensions like possible in OneDrive Business would really significantly improve security. I am seriously concerned about Ransomware and this option would give me a bit more peace of mind.

  • MERRY commented  ·   ·  Flag as inappropriate

    I've the Identical problem

    [1] How sanitise One Drive (so freeing OneDrive from the MERRY virus)?

    [2] (Nice to have) How to un-encrypt docs encrypted with the MERRY virus?

    (But of the two [1] is the VITAL one)

  • Nathan commented  ·   ·  Flag as inappropriate

    With Ransomware being such an issue these days and Microsoft always touting how important security is, I am really surprised this is not a higher priority. My CIO is always complaining about the lack of security around OneDrive for Business and why traditional storage is better.

    For people that deploy OneDrive in the enterprise there is a few things preventative measure you can do to limit ransomware's ability to spread. These are not silver bullets and with ransomware changing so rapidly they might need tweaking to stay relevant.

    1) block known ransomware extensions within OneDrive Admin portal. Microsoft recently released an admin portal for OneDrive (Office 365) and within it you can block any file extension you name. With the help of google you can find update list with ransomware file extensions.

    2) This option is only for people that use Cloud App Security, Within Cloud App Security you can build policies based off user behavior. One thing I noticed with a verison of locky is the first thing it does is renames all the files. So I built a Cloud App Security policy that says if a user renames 5 files within a minute, send notification to IT Admins and suspend user.

    Hope this helps.

2 4

OneDrive Archive: OneDrive.com

Categories

Feedback and Knowledge Base

(thinking…)


OneDrive Tech Community

UserVoice Terms of Service & Privacy Policy