Provide Ransomware detection and recovery
We are seeing an increase in these cases of cryptowall and ransomware, where users see their computers infected with this virus.
The virus will encrypt all user files (jpg, pdf, xlsx, docx, etc.) except system files.
It would be very helpful to have the option to have OneDrive files restored to a previous date, even if that option was only available at a OneDrive Support level.
If this option is not possible, due to server space to store all info in duplicate, it would be easier from the technical side to block .ccc, .micro, and other known file extensions in OneDrive.
This would preserve the integrity of the user's files stored in OneDrive and add an extra layer of user's files stored in OneDrive.
Big update — Today we’re rolling out ransomware detection & recovery for Office 365 Home & Personal subscribers. We can now detect ransomware attacks and help you restore your OneDrive to a state before files were compromised. If an attack is detected, you will be alerted through an email, mobile, or desktop notification and guided through a recovery process where you’ll be able to restore your files to the state they were in before they were compromised.
To enable the recovery process, we’re bringing over the Files Restore feature from OneDrive for Business to your personal OneDrive account. Files Restore allows you to restore your entire OneDrive to a previous point in time within the last 30 days. In addition to helping recover from an attack, Files Restore helps with an accidental mass delete, file corruption, or other catastrophic event.
For more information, check out our blog post here — https://blogs.office.com/en-us/2018/04/05/defend-yourself-from-cybercrime-with-new-office-365-capabilities/
This is a really good idea. The thing to keep in mind is that some of the latest cryptolocker programs encrypt and decrypt files repeatedly in an attempt to ensure that any off-line backups are crypto-locked before finally locking the files on disk and demanding ransom.
The solution to that would be to check files to make sure that .docx and .xlsx files seem to make sense, that they don't seem encrypted when being copied to the cloud.
Perhaps OneDrive could flag as suspicious an attempt to alter a very large percentage of files (As Cryptolocker attempts to alter 100%) requiring a client confirmation before cloud files can be altered.
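The two checks suggested in the comment above can be combined into a pre-sync gate. The sketch below is an added example, not part of the thread and not OneDrive's implementation; the threshold, function names and sample files are assumptions. It tests container structure rather than "looks encrypted", because .docx and .xlsx are ZIP archives and already look random to an entropy test.

```python
import io
import zipfile

# Hypothetical policy values, not taken from the page or from OneDrive.
MASS_CHANGE_THRESHOLD = 0.5  # hold the sync if half or more of all files look damaged
OOXML_EXTENSIONS = (".docx", ".xlsx", ".pptx")


def looks_like_valid_ooxml(data: bytes) -> bool:
    """True if data is a readable ZIP container holding the OOXML manifest.

    .docx/.xlsx files are already compressed, so an entropy test cannot tell
    a healthy file from an encrypted one; a structural check can.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return "[Content_Types].xml" in zf.namelist()
    except zipfile.BadZipFile:
        return False


def review_sync_batch(pending: dict, total_files: int) -> dict:
    """Classify pending uploads (file name -> new content) before syncing."""
    suspicious = sorted(
        name for name, data in pending.items()
        if name.lower().endswith(OOXML_EXTENSIONS)
        and not looks_like_valid_ooxml(data)
    )
    ratio = len(suspicious) / total_files if total_files else 0.0
    return {"suspicious": suspicious, "ratio": ratio,
            "hold_for_confirmation": ratio >= MASS_CHANGE_THRESHOLD}


def make_ooxml(body: str) -> bytes:
    """Build a minimal constructed OOXML-style container for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", body)
    return buf.getvalue()


if __name__ == "__main__":
    good = make_ooxml("lesson plan " * 50)
    scrambled = bytes(b ^ 0xA5 for b in good)  # constructed stand-in for ciphertext
    batch = {"a.docx": scrambled, "b.xlsx": scrambled, "c.docx": good}
    print(review_sync_batch(batch, total_files=3))
```

A gate like this only covers formats with a checkable structure; plain text or already-opaque files would still need the change-ratio signal on its own.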
Remi Øvstebø commented
Some sort of mass roll back functionality like Dropbox has to be implemented!
Sommer White commented
If I could provide all of my votes to this, I would immediately. I have just lost about 1/3 of my files due to this, and all of them are curriculum I've developed over years as a teacher.
A company called livedrive actually had this feature. But stopped as it's a lot of work. I worked for them lol.
Unfortunately it happens with me.
It would be a unique selling point, too: No other cloud storage provider has such an option!
Ransomware is becoming a bigger problem. Files stored on OneDrive could be affected if a system automatically syncs after the system has been infected.
One way to protect against this would be to allow users to turn off automatic sync'ing. Instead, sync'ing would require one or two steps in order to occur. This way, if a system is infected, the files stored on OneDrive will not be affected.
I got hit by a Cryptowall not long ago.
Of course it also encrypted my OneDrive folder which propagated to the cloud. Luckily I could easily get my folders back thanks to previous versions. But it took me nearly a day doing this for all my files.
This could easily be prevented if only we could set up a timer before the sync starts after detecting a change.
Many files have previous versions, but I have 12GB of unencryptable data to rollback, have tried to find a way to roll back changes en masse, but no results :(