3 Tactics to Thwart Office 365 Ransomware Attacks
By Chris Brunau
For small to mid-sized businesses, Microsoft Windows-based systems remain dominant. Windows continues to be the operating system most widely used on desktops and laptops. And Microsoft Office remains the most widely used work office suite.
So it’s no surprise that Windows systems remain the top target for ransomware, too. A stunning 100% of IT professionals reported they had seen Windows systems infected by ransomware. With the threat being so prolific, wouldn’t it be great to know more about how to protect against ransomware? Here are a few quick tips:
DNS
Switch to a DNS (domain name system) service that monitors and blocks known malware sites to reduce the risk of ransomware. Unless you have custom-configured the settings, a site’s DNS provider is most likely its Internet service provider. Some businesses use DNS to filter a variety of websites, spanning from social media to online retailers. More complex configurations can block sites for specific user groups but allow access from other systems.
DNS service providers can block access to malicious sites in two ways: by blocking a request when a person inside an organization attempts to access a harmful site, or—if malware is already inside an organization—by blocking attempts by malware inside the organization to “phone home” outside the organization. When a device on the network requests a site identified as a ransomware source, the DNS provider prevents access. Instead of malware, you see a notification that the requested site is blocked, often with a suggestion to contact a network administrator if you believe the site to be blocked in error.
SmartScreen policies
Microsoft’s SmartScreen filters work to block harmful sites and downloads at the browser level, much like a DNS provider can at the network level. The system calculates a risk score, based on a variety of factors, then warns the user of potential harm. SmartScreen works within both Microsoft Edge and Internet Explorer 11 browsers. An administrator can configure SmartScreen to act either as an advisor or a blocker. When set as an advisor, a person will see a warning when either visiting a potentially harmful site or downloading a potentially harmful file. But the warning can be ignored.
Email attachments often deliver a ransomware payload. “Here’s the file you need,” reads the text of the email—with an attachment. Too often, the recipient opens the file—and realizes later that it really wasn’t a needed file, but instead a malicious app.
Office 365 allows administrators to block any of nearly 100 different file types. The most secure setting would be to simply delete all attachments. Anyone needing to share files with people could upload a file to OneDrive, then share access. The recipient would receive a notification via email—but not the actual file!—and could then log in to OneDrive to view files “Shared with me.”
You should block files likely to be harmful. According to a Microsoft Security Intelligence Report from June 2016, the file types most often blocked by Office 365 Advanced Threat Protection were Word (.doc, .docm), JavaScript (.js), and executable files (.exe, .scr, .com, .pif, .cpl).
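The attachment blocking described above can be applied to a tenant from Exchange Online PowerShell. The script below is an added example, not part of the original article: it merges the extensions the article names into the anti-malware policy's block list without dropping entries that are already there. It assumes the ExchangeOnlineManagement module is installed, that you sign in as an Exchange administrator, and that the policy to change is the built-in one named `Default`.

```powershell
# Added example: enable the common attachment filter and make sure the
# extensions named in the article are on the block list.

# Extensions taken from the article's list of most-blocked file types
$articleTypes = 'doc', 'docm', 'js', 'exe', 'scr', 'com', 'pif', 'cpl'
$policyName   = 'Default'   # assumption: the tenant's built-in anti-malware policy

Connect-ExchangeOnline      # interactive sign-in as an Exchange administrator

$policy  = Get-MalwareFilterPolicy -Identity $policyName
$current = @($policy.FileTypes)

# Extensions from the article that the policy does not block yet
# (-notcontains compares case-insensitively)
$missing = @($articleTypes | Where-Object { $current -notcontains $_ })

if ($policy.EnableFileFilter -and $missing.Count -eq 0) {
    Write-Output "Policy '$policyName' already blocks all listed types."
}
else {
    # Keep everything already blocked and append only the missing entries
    $merged = @($current + $missing | Sort-Object -Unique)
    Set-MalwareFilterPolicy -Identity $policyName `
        -EnableFileFilter $true -FileTypes $merged
    Write-Output "Filter enabled. Added: $($missing -join ', ')"
}

# Read the policy back to confirm what is now in force
Get-MalwareFilterPolicy -Identity $policyName |
    Format-List Name, EnableFileFilter, FileTypes

Disconnect-ExchangeOnline -Confirm:$false
```

Blocking `.doc` also stops legitimate legacy Word documents, so review the merged list before applying it; adding `-WhatIf` to the `Set-MalwareFilterPolicy` call shows the change without making it.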