How Criminals Can Get Your Office 365 Data

Microsoft works hard to update and secure its full-featured office productivity suite, Office 365. But because it is one of the most widely used office productivity suites in the world (more than 85 million active users worldwide and growing), it is also a target for hackers and thieves.

What can ransomware do to Office 365?

When we think of ransomware in Office 365, we usually think of a program that encrypts or restricts access to critical business systems until a ransom is paid. This is one type of ransomware, and it can cost businesses a lot of money. According to Datto’s Ransomware Report, 75% of respondents reported their clients suffered business-threatening downtime in the past year.

But ransomware can also be used to steal your data, including your critical data like customer information, research and development, financial data, and other protected information. For example, ransomware may be used to access your confidential trade secrets and threaten to expose them. It may be used to access customer financial information with a threat to sell it on the black market to the highest bidder.

Ransomware in Office 365 can interfere with your business operations or steal sensitive data from your company.

Can ransomware in Office 365 be prevented?

Unfortunately, ransomware is a rampant problem in the business IT environment. Datto surveyed 1,100 IT service providers about ransomware and cybersecurity and found that 94% reported ransomware infection despite having antivirus software in place. While antivirus and information security platforms can do a lot to help protect your systems from malware, they don’t have a great track record for preventing ransomware in Office 365.

How does ransomware get in?

The genius and the danger (depending on your point of view) of ransomware is that criminals do not need to find a way to penetrate Microsoft’s protection layers to carry out their extortion attack.

Instead, criminals often use social engineering schemes. For example, they can use a phishing scam. Verizon’s 2016 Data Breach Investigation Report revealed that phishing emails have an average open rate of 30%.

Your legitimate user (who unknowingly acts as a security vulnerability) gets a message from an address that appears to be legit and in the seemingly official correspondence, they include a Trojan that has a payload disguised as a legitimate file.

What can protect my business from ransomware?

The best protection against ransomware is frequent, reliable, secure data backups. When the data is backed up frequently, old (uninfected) data can be easily restored to replace data that’s blocked or infected with ransomware.

It’s important to note that ransomware, like many other forms of malware, can remain dormant in the system for a period of time before activating itself. Therefore, a backup system should retain several months’ worth of backups in order to provide good protection from ransomware.

Systems that overwrite old backups as soon as a new one is recorded may not provide robust data protection in the event of a ransomware attack.

See it for yourself: Office 365 and Ransomware

Want to see how an Office 365 instance can get infected with ransomware (and recover)? Watch our live ransomware infection and recovery (but don’t try it at home).