File sharing solutions not only enable efficient file exchange. They can also be an extremely effective defence against ransomware.
Ransomware is a permanent security threat – for companies and public institutions as well as for private users. Hardly a month goes by without headlines about attacks with this type of malware. An excellent defence against it can be provided by systems that you don’t even have in mind in the first place: file-sharing solutions. To enable efficient file exchange, such solutions store files and documents on central servers and synchronize them with the users’ end devices. This central file management also makes them the ideal platform for preventing ransomware attacks. But to do so, they must have some special capabilities:
1. Maintain a blacklist
In most cases, ransomware changes the extensions of the files it encrypts. Thus, the file sharing system is able to keep a blacklist of extensions that are typical for ransomware – and to block the upload of files with such extensions to the central servers. This prevents infected files from being able to contaminate others, and the original files remain intact. This blacklist must be updated immediately as soon as new ransomware extensions are discovered.
2. Block affected user accounts
As an additional layer of security, the file sharing solution should automatically block user accounts that are affected by abnormal file changes. In this case, it is no longer possible to access the account via the client of the affected end device, which also prevents further spreading of the malware. Once the ransomware issue is resolved, the accounts should be unlocked by the administrator or the affected users themselves.
3. Determine the time of attack
About ten percent of ransomware does not change the file extensions, therefore hindering their detection by blacklisting. In these cases, a file sharing solution needs additional functions to reverse the unavoidable damage. These include a scanner with which the time of the attack can be identified clearly. This is the basic prerequisite for being able to recover affected files.
4. Reset encrypted files
For the purpose of restoring encrypted files, the file-sharing solution requires a “restorer”, which is basically an extension of its versioning capabilities. The restorer should allow any file to be reset to any point in time – which in the case of a ransomware attack would be the time immediately before the attack. Ideally, this “roll-back” function can be applied to individual user accounts, because then the import of large-scale backups is unnecessary and downtime is avoided.
“If a file sharing solution has the right features, it can provide comprehensive protection against ransomware,” says Holger Dyroff, Chief Operating Officer and Managing Director at ownCloud in Nuremberg. “Logically, however, it can only protect files and documents that are also stored on the solution’s central servers and synchronized with the end devices. Therefore, ideally, companies should use the file sharing solution to manage all files, or at least the most important and critical ones – even if they may not necessarily need to be shared”.