Home Office 365 subscribers get ransomware file restore feature

  • Liam Tung (CSO Online)
  • 06 April, 2018 04:27

Microsoft is extending a ransomware file recovery feature previously limited to OneDrive for Business to personal OneDrive accounts. 

The feature, dubbed Files Restore, will allow Office 365 users to restore a OneDrive account to any point it was in within the past 30 days. 

Files Restore launched in January exclusively for OneDrive for Business users, offering a cloud-based backup and recovery service for restoring files that were accidentally deleted, corrupted or encrypted by ransomware. 

The expanded availability of Files Restore means that Office 365 home users who back up everything to OneDrive will have a better chance of recovery if they opt to turn down a ransomware attacker’s demands for payment. 

It should also protect against ransomware attacks like WannaCry and NotPetya, which demonstrated that paying doesn’t guarantee you’ll get access to your files. 

To make recovery simpler, Microsoft is giving Office 365 users a new alert feature that sends a notification to potential victims when a ransomware threat is detected. The alert can be received via email or a smartphone or desktop notification and guides users through the recovery process. 

Though ransomware remains a serious threat, the feature comes as Microsoft has tracked a decline in file encryption attacks as cybercriminals turn to lower-risk cryptocoin-mining malware that hijacks a CPU to earn cryptocurrency for the attacker.  

Microsoft is also bolting down shared access to files in OneDrive through password protected sharing links. Users can now set and require a password to access a shared file or folder, preventing access when a link to a shared folder is forwarded accidentally or maliciously. 

Potential Outlook email encryption and forwarding weak points are being addressed too with this update. 

Microsoft has offered an answer to the scenario where the sender’s email provider encrypts messages in transit using HTTPS but the recipient’s email provider doesn’t or in general may not be trustworthy to keep the message secure once it arrives, in which case the sender can encrypt the content of the email. 

If the sender is using they’ll be prompted to encrypt a message if it contains sensitive information like social security numbers. If the recipient isn’t using Outlook web or mobile apps, they’ll receive a link to an Office 365 page and will be given the option to receive a once-time passcode or re-authenticate with a “trusted provider” before viewing the email. But if the recipient is using Outlook the process will be as is. 

“ email recipients who view the encrypted email in, the Outlook for iOS and Android app, or the Windows Mail app can read and reply just like they can with any other email—no extra steps needed. When composing an email in, sensitive information like social security numbers can be detected to provide you with a suggestion to send with encryption,” Microsoft states. 

Microsoft is also locking down leaks that might occur through forwarded email with sensitive attachments. Senders can now set an email prevent recipients from forwarding or copying emails sent from Any attachments will also be encrypted.