Ransomware and Microsoft 365: What IT Pros Should Know

Microsoft 365 uses zero trust architecture, one of the best advances in data security. The tech company has also touted its software as one of the most secure options for businesses, and it has invested heavily in expanding its cybersecurity features. These improvements are admirable, but IT pros should not rely solely on Microsoft to protect their data, especially when it comes to ransomware attacks.

Ransomware Attacks Are on the Rise Worldwide

These cyberattacks have become increasingly common and profitable in the business world. Hackers have not slowed down their efforts and are not above targeting even small business owners and popular blogs.

Forbes recently published statistics that should serve as a wake-up call for companies, regardless of their size or the systems they use. Consider the following:

• Compared to 2020, businesses in 2021 experienced 50% more cyberattack attempts each week.
• 93% of company networks are vulnerable to breaches.
• 82% of CIOs reported vulnerabilities in their supply chains.
• Hackers have stolen roughly $43 billion since 2016 by compromising business emails.
• Attacks by phone calls and emails rose by 10% in the second half of 2021.
• Only 50% of small and medium-sized businesses have cybersecurity plans in place.

Companies should also account for the rising cost of attacks. In 2021, companies worldwide paid an average of $1.85 million to recover from these attacks. The number was even higher for the United States, at $2.09 million. Compare this to $761,00 on average in 2020.

Cybersecurity Experts Recognize a Ransomware Knowledge Gap in IT

Despite the growing number of incidents, some studies found a concerning degree of complacency among IT professionals. One data security company reported that a whopping 25% of IT professionals did not know ransomware could breach Microsoft 365 and compromise corporate data.

Even when IT professionals knew better, they did not always have plans for their businesses that reflected this. Roughly 40% of IT professionals claimed their employers had no recovery plan.

Consequently, Microsoft represented their only line of defense against skilled hackers. However, Microsoft itself has highlighted the risk of these attacks on its platform and the systems of the organizations that use it.

Ransomware Can Affect Data Secured in Microsoft 365

Microsoft is clear about its role in protecting cloud data. It leaves no stone unturned and offers a wide range of tools for organizations. However, it describes its role as a partnership between itself and the companies that use its platform. In other words, those companies must also play their role in preventing these attacks.

The Partnership

Microsoft breaks the data security partnership down into two clear roles:

1. Microsoft builds secure cloud services and provides organizations with capabilities and controls to protect their data.
2. Companies own their data and must accept the responsibility of securing on-premises resources, identities, log-in credentials and cloud components controlled by the organization.

The Tools

IT professionals must review Microsoft's tools and controls and adjust them to meet organizational needs. Here are the main ones to check:

• Recycle bin: Ransomware attacks usually involve creating a new, encrypted version of core files. Then the attackers delete the existing files. These files could remain in the recycle bin for 93 days and managers can restore them. After this period, Microsoft has a small 14-day window where it might be able to recover the file.
• Versioning: Microsoft maintains at least 500 versions of files, and organizations can change the settings to retain even more. Workers should know how this works and how to restore versions.
• Files restore: Microsoft also provides a self-administered recovery option for OneDrive and SharePoint. It makes it possible for workers to restore any file lost or deleted within the past 90 days.
• Single item recovery: Microsoft allows companies to recover deleted files within 30 days. It sets the default to 14 days, so IT professionals must adjust it for maximum protection.
• Encryption: Microsoft provides tools for organizations to encrypt the files they store so that only authorized persons can view them. Provided that the attack did not involve using eligible credentials, encryption blocks hackers from reading or sharing the data stolen.

Microsoft Offers These Recommendations for Recovering From Ransomware

The current rate of attacks suggests that most companies will encounter an attack at least once. Consequently, companies must fix that 40% gap in crafting a recovery response. Microsoft cautions that there is no guarantee hackers will keep their word when companies pay a ransom. Here are recommendations from the tech giant.

Act Quickly

Microsoft warns that the longer companies take to respond, the less likely it is that they can recover their data. The hackers are not the only reason for this. Time limits for recovering deleted data in Microsoft 365 also affect this.

Verify Backups

Companies need to confirm they still have access to their backups. Before restoring them, they must also confirm they have removed the ransomware and resecured the network.

Disable Syncing and Sharing

When an organization detects an attack, it should disable syncing and sharing. This helps to prevent the spread of the attack.

Restore From Backups

Once the organization has cleaned up its system and is sure the malware is gone, it can begin restoring data from backups. Microsoft recommends restoring data on a new or cleaned device first.

Cloud Migration Affects Long-term Ransomware Protection

Most modern businesses have migrated to the cloud or are planning to do so. Protecting data during this migration plays a critical role in preventing future ransomware attacks. Companies should also determine what migration strategy best suits their long-term goals. Cloudficient can help companies choose the best approach for their cybersecurity strategies. Contact us to learn more.

With unmatched next generation migration technology, Cloudficient is revolutionizing the way businesses retire legacy systems and transform their organization into the cloud. Our business constantly remains focused on client needs and creating product offerings that match them. We provide affordable services that are scalable, fast and seamless.

If you would like to learn more about how to bring Cloudficiency to your migration project, visit our website, or contact us.