Before you go, check out these stories!

Hackernoon logoHow to Secure Office 365 & Windows from Ransomware Attacks by@faizan-haider

How to Secure Office 365 & Windows from Ransomware Attacks

Author profile picture

@faizan-haiderFaizan Haider

Faizan Haider is a technology expert with many years of experience in the tech industry.

It’s no secret that we’re living in uncertain times. Many countries are under partial or full lockdown for the past few weeks, making work from home the new norm for the foreseeable future, at least.

With security and IT teams face geared up to meet the challenge of supporting and securing a large remote workforce, the last thing they want is a ransomware infection due to a malicious email.

In this article, we’ll discuss why ransomware attacks are still a threat to businesses and how you can secure your systems against them.

Why do businesses need to be concerned about ransomware?

Ransomware is a kind of malware that encrypts all the files on a victim’s computer to extort money in return for restoring access. Over the years, ransomware has affected thousands of businesses – both big and small – from every industry worldwide.

One of the most recent and notable examples is the deadly WannaCry ransomware, which took place in May 2017. It infected more than 300,000 computers in at least 150 countries and brought businesses to a complete standstill, costing them as much as $4 billion in losses.

According to the 2020 SonicWall Cyber Threat Report, there were around 151.9 million ransomware attacks recorded in the first three quarters of 2019. The rapid spread of the coronavirus pandemic is forcing more and more companies to transition to the work-from-home model.

Undoubtedly, cyber-criminals are well-aware of this trend and will do what they can to leverage it to infiltrate into corporations. This has already led to a rise in phishing-related incidents and could very well mark the return of ransomware attacks as well!

How to protect Windows 10 PCs from ransomware?

Keep OS patched

As you probably know, Microsoft releases patches for Windows 10 from time to time. In most cases, these updates are automatically downloaded via Windows Update. But if your employees hear about a ransomware attack, they should immediately install the update manually so that they’re protected. To do this, all they have to do is follow these steps:

1. Go to Settings.

2. Click Update & Security.

3. Hit the Check for Updates button.

4. If Windows finds new updates, they’ll be downloaded and installed automatically.

Install ransomware protection

You’ll find many anti-malware programs on the market that come with integrated ransomware protection. However, you need to make sure your employees install the ones built explicitly to target ransomware.

For example, Malwarebytes Anti-Ransomware beta protects against all kinds of ransomware by using its advanced proactive technology. The free tool monitors program behavior to stop any ransomware that bypasses your existing antivirus.

Back up data

The idea behind ransomware is to lock your files until you pay a certain amount to regain access. So, backing up your files is one of the best ways to counter ransomware. In this way, you won’t have to pay the ransom as you can easily restore your data from the backup.

Your employees should rely on cloud-based backups, rather than just backing up to a hard drive attached to their computer. Most online backup services like Dropbox, Microsoft OneDrive, and Google Drive also use versioning, which keeps both current and previous versions of your files.

Enable Controlled Folder Access

Windows 10 has a built-in ransomware protection feature known as Controlled Folder Access. What it does is keep your files and documents safe from modification by malicious or suspicious apps. This is particularly useful in protecting your data against ransomware, as you can specify (whitelist) which programs can access your files.

Here’s how to use it:

1. Go to Settings > Update Security > Windows Security > Virus & threat protection.

2. Click Manage settings under Virus & threat protection.

3. Turn ON the Controlled folder access setting.

Block dangerous ports

It’s important to remember that every open port is a potential ransomware entry point. Therefore, your employees are better off blocking non-essential ports. Just open Windows Defender Firewall with Advanced Security, click Inbound Rules, and disable the following ports:

  • TCP/3380 – Remote Desktop Protocol
  • TCP/80, TCP/5986, & TCP/5985 – Windows PowerShell/ Remote Management
  • TCP/139, TCP/445, & TCP/135 – Server Message Block (SMB)

Note: Don’t forget to review VPN permissions when setting up remote access.

How to protect Office 365 data from ransomware?

Don’t click suspicious links/attachments

Ransomware is typically spread through phishing emails that include malicious attachments or links. If you don’t want your Office 365 data to be compromised, ensure your employees have ample awareness training regarding phishing, i.e., how they can identity and report such attempts.

Use File Restore

If your files get corrupted, deleted, or infected by ransomware, you have the convenience of restoring your OneDrive to a previous time. The File Restore feature can be used to retrieve files from any moment in time within the past 30 days.

Watch Out for Office 365’s Ransomware Detection & Recovery notifications

Not so long ago, Office 365 introduced a new security feature that automatically detects ransomware attacks and alerts you through notifications. Keep an eye out for them because they’ll help you restore OneDrive to a time before the ransomware infection, so that your Office 365 data isn’t rendered unrecoverable.

Are there any other best practices that you follow to protect your business from ransomware? Let us know!

Author profile picture

@faizan-haiderFaizan Haider

Read my stories

Faizan Haider is a technology expert with many years of experience in the tech industry.


Join Hacker Noon

Create your free account to unlock your custom reading experience.