Using File Sync & Share to Help Fight Ransomware

Ransomware

We’ve written a lot about security in general and ransomware in particular, because your security is a major concern to us – and we hope your own organization’s security is a major concern to you as well – and because ransomware has proven to be a very difficult thing to guard against. We’ve written about tools such as CryptoPrevent and WinPatrol. We’ve talked about innovative approaches such as OpenDNS to try to block the “phone home” communication between malware and command & control servers. But once you’ve been infected and your files have been encrypted, you really have only one of two choices: either pay the ransom, or restore from a backup. The latter, of course, assumes that you have a recent backup, and that it’s in a location where the ransomware can’t encrypt it as well.

So how can an enterprise file sync & share tool help? Let’s look specifically at eFolder’s Anchor tool.

There are three primary ways to use the Anchor tool:

  1. File Sync & Share – Like most other products in this category, you can create a folder on your PC that is synchronized with your personal Anchor folder. You can also leverage this function to send large files by using the Anchor plugin for Outlook to simply send a recipient a link to download a large file instead of attaching the large file to a mail message.
  2. Team Shares – You can create Team Share folders, and control which individuals have rights to those folders. Optionally, you can use the “File Server Enablement” feature to populate a Team Share folder from a folder on an on-prem file server, and keep them synchronized with each other.
  3. User Backups – Users who have personal Anchor folders can also use the Anchor agent to back up specific folders on their PCs…not just the special Anchor sync folder. I use this function myself – there are two folders on my laptop that I use for storing all of my business-related documents. They are both backed up to the Anchor cloud. The last time I got a new laptop, all I needed to do was install the Anchor agent, and restore those two folders, and I was back in business.

In all three of these cases, Anchor maintains a revision history of files as they are changed. By default, past revisions are retained until they are either manually deleted or automatically deleted by organization policy, e.g., you can set a limit for the number of days prior revisions will be retained.

Let’s assume that I am unlucky enough to get nailed with a ransomware infection. It not only encrypts my local hard drive, it also ends up corrupting my Anchor files, because the encrypted versions of all my files will be faithfully replicated up to the Anchor repository. But – I still have the prior revisions of those files from before they were encrypted. So, worst case, I reformat my PC, reinstall Windows, go to my Anchor Web interface, and roll back my files to the revision just before the ransomware infection. I can restore that to my PC, and I’m once again back in business.

In the newly-released v2.5.2 version of Anchor, an administrator can also manually create a snapshot of a user’s files or of a Team Share – either for safekeeping, or for restoration purposes. It can be a full snapshot, or it can be a snapshot of everything prior to a specified point in time. So, once again, if a Team Share has become corrupted, the administrator can create a new Team Share that is a snapshot of the old one just prior to the point at which the corruption occurs.

In the good old days, we could perhaps rely on My Documents redirection, and try to force all the users to store stuff on file server shares that could be administratively backed up. But we now live in a cloud-first, mobile-first world. Many organizations no longer have file servers in the office – all the corporate data is in the cloud. My business laptop is no longer joined to a domain – there is no server to which my My Documents folder can be redirected. And many of your mobile users, although they may still have domain-joined laptops, may also be mobile enough that they frequently create important documents that have to live on their mobile computing devices for several days before they reconnect with the network so you can copy those files to a file server. So how can you protect that data from a ransomware infection? You can set up Anchor synchronization and rest assured that the data is being backed up to the Anchor cloud whenever they’re attached to the Internet. Automatically – no additional user intervention required.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.