File sharing as a weapon against ransomware attacks

Ransomware is a permanent security threat. File sharing solutions are an excellent defense against it. To enable efficient file sharing, such solutions keep files and documents on central servers and synchronize them with users' end devices. This centralized file management also makes them the ideal platform for defending against ransomware attacks. To do this, however, they must have some special capabilities. File sharing specialist ownCloud explains which ones:

1. Blacklist lead. In the vast majority of cases, ransomware changes the extensions of the files it encrypts. This allows the file-sharing system to keep a blacklist of extensions typical for ransomware - and block the upload of files with such extensions to the central servers. Then, infected files will not be able to infect others, and the original files will remain unharmed. This blacklist must be updated immediately as soon as new ransomware endings become known.
2. Lock affected user accounts. As an additional security layer, the file-sharing solution should automatically block user accounts affected by conspicuous file changes. It is then no longer possible to access the account via the client of the affected end device, which also prevents further spread of the malware. Once the ransomware problem has been solved, the accounts should be unlocked again by the administrator or the affected users themselves.
3. Determine time of attack. About ten percent of ransomware does not change the file extensions, preventing their detection by blacklists. For these cases, a file-sharing solution needs additional features to reverse the unavoidable damage. These include a scanner that can uniquely identify the time of the attack. This is the basic prerequisite for being able to recover affected files.
4. Reset encrypted files. For this recovery, the file-sharing solution needs a "restorer", which is basically an extension of its versioning capabilities. The restorer should allow any file to be rolled back to any point in time - which, in the case of a ransomware attack, would be the time immediately before the attack. Ideally, this "roll-back" function can be applied to individual user accounts, because then there is no need to import large-scale backups and downtime is avoided.

"If a file-sharing solution has the right features, it can offer comprehensive protection against ransomware," says Holger Dyroff, Chief Operating Officer and Managing Director at ownCloud in Nuremberg. "However, it can logically only protect files and documents that are also kept on the solution's central servers and synchronized with the end devices. Therefore, companies should ideally manage all files with the file-sharing solution, or at least the most important and critical of them - even if they may not necessarily need to be shared."

Source: ownCloud

See also article "Secure file sharing - five success factors"