Ransomware, a danger to Drive?

Ransomware versus Google Drive

The security superiority of cloud offerings such as G Suite or Office 365 is no longer in question. But is your data protected from viruses, and especially crypto-viruses (ransomware), when you use Google Drive, Dropbox or OneDrive?

100% web model

If you use G Suite or Office 365 in 100% web mode, i.e. you only work from the web browser, you are protected against malware and ransomware¹. Indeed, there is no path between an infected computer and your data in the cloud.

By working in 100% web mode, a virus infecting the operating system (Mac, Windows) will not be able to reach the data in the cloud.

But what about when you synchronize data locally?

¹ Be careful, however, about any third-party extensions you may have added to Drive and which you have therefore authorized to access your data. We recommend that administrators prohibit add-ons or allow only those above suspicion.

Can ransomware encrypt my cloud data?

Yes. When you install the synchronization software from Dropbox, Google Drive or Microsoft OneDrive, for example, a certain amount of data is hosted on your computer.

If a crypto-locker infiltrates a computer, it will encrypt the disk. Your local data will be encrypted before it is synchronized with the cloud service. The encrypted files will then be pushed down to the other synchronized devices (yours and those of your colleagues). And so: bye bye healthy data!

Drive File Stream and ransomware

Drive File Stream and OneDrive on Demand are clients installed on the computer. Displayed as a mounted disk, they give access to the entire tree structure of the cloud server. The user can then open files with their usual software; the files are downloaded on demand (streaming). A cache keeps recent data locally, and the user can enable offline mode for the data of their choice so that it remains available without an Internet connection.

With Drive File Stream and OneDrive on Demand, all data can be corrupted, depending on the type of virus, including remote data that was neither cached nor marked as available offline.

Read about it: Google Drive, a cloud server?

How to protect yourself from ransomware

First, you must protect the entry points, i.e. your equipment, computers and collaborators’ devices. A crypto-virus does not only attack your data, it can also spread. For example, some viruses replace healthy files with a fake that hides an infected executable. You must avoid this spread at all costs: more and more companies are “linked” to each other via shared data.

On average, Gmail detects new threats 5 hours ahead of antivirus vendors.

You can also supplement your infrastructure with specialized solutions such as Cylance or FireEye so that you don’t have to rely on a single security system.

You must then have a backup system in case of a disaster. With Google G Suite or Microsoft Office 365, you can choose between 2 strategies to back up your data and restore it in case of an incident:

  • Cloud-to-Cloud: Use a cloud backup service that will back up and restore your G Suite or Office 365 infrastructure.
  • Hybrid: Use a local or hosted server (e.g. Synology NAS or QNAP) to back up your cloud.

Would you like advice on a strategy adapted to your situation?

Note that services such as Box, Dropbox, Drive and OneDrive include versioning: you can recover previous versions of a file. This is practical for limited damage, but unworkable if several hundred, thousands or millions of files have to be restored. Microsoft OneDrive now offers a mechanism for mass data recovery.
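The bulk case described above, as an added example (not code from the original article): given per-file revision metadata and the time the incident started, it picks the last clean revision for each affected file and lists the files that versioning cannot recover. The record fields (`id`, `modifiedTime`) follow Drive-style revision metadata; the file ids, timestamps and incident time are constructed, and the function names are hypothetical.

```python
from datetime import datetime

def parse_ts(ts):
    # RFC 3339 timestamp as used in Drive-style metadata, e.g. 2024-03-01T09:15:00Z
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def plan_restore(revisions_by_file, incident_start):
    """Choose, per file, the newest revision saved before the incident.

    Returns (plan, unrecoverable): plan maps file id -> revision id to restore;
    unrecoverable lists files with no revision older than the incident, which
    must come from a backup. Files untouched since the incident are skipped.
    """
    cutoff = parse_ts(incident_start)
    plan, unrecoverable = {}, []
    for file_id, revisions in revisions_by_file.items():
        if not revisions:
            unrecoverable.append(file_id)  # no version history at all
            continue
        ordered = sorted(revisions, key=lambda r: parse_ts(r["modifiedTime"]))
        if parse_ts(ordered[-1]["modifiedTime"]) < cutoff:
            continue  # newest revision predates the incident: leave as is
        clean = [r for r in ordered if parse_ts(r["modifiedTime"]) < cutoff]
        if clean:
            plan[file_id] = clean[-1]["id"]
        else:
            unrecoverable.append(file_id)  # only post-incident revisions exist
    return plan, unrecoverable

# Constructed sample: three synchronized files, incident starting at 09:00 UTC.
SAMPLE = {
    "file-report": [
        {"id": "r1", "modifiedTime": "2024-02-20T10:00:00Z"},
        {"id": "r2", "modifiedTime": "2024-02-28T16:30:00Z"},
        {"id": "r3", "modifiedTime": "2024-03-01T09:15:12Z"},  # written during incident
    ],
    "file-budget": [{"id": "r1", "modifiedTime": "2024-01-05T08:00:00Z"}],
    "file-notes": [{"id": "r1", "modifiedTime": "2024-03-01T09:16:40Z"}],
}

if __name__ == "__main__":
    plan, lost = plan_restore(SAMPLE, "2024-03-01T09:00:00Z")
    print("restore to revision:", plan)
    print("restore from backup:", lost)
```

A time cutoff also rolls back legitimate edits made after the incident began, so the plan should be reviewed before anything is restored.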

The user, the weak link

Restoring several terabytes is not without effort. The spread of a virus to a customer becomes a serious problem. Repairing the damage of an attack always costs much more than providing a little information on a regular basis.

Raising user awareness of good practices and hazards is essential, yet it is almost non-existent in companies.

It is imperative to train users in data security. What are the risks? Where do they come from? What are the consequences? Regular reminders (very regular!) should be sent to them about good practices. A user should be aware of the emergency procedure if he or she is a victim of a virus or notices something suspicious.

Conclusion

The cloud offers unparalleled security guarantees for your data. Although G Suite and Office 365 have “out of the box” protection mechanisms, they are not completely watertight, depending on how you use them.

Implement a backup and recovery strategy to protect yourself from intentional or unintentional data loss, whether from users or malware.
