Mobile-First Cloud-First

O365

How to prevent ransomware encrypted files to sync to OneDrive for Business

Date: May 13, 2017Author: Per Larsen (MVP) 2 Comments

On premise we can use File Server Resource Manager (FSRM) component File Screening Management that is a part of Windows Server operation system.

But when we are moving to the cloud we also need to do something – and this is one way. Many companies are using  OneDrive for Business and then we can prevent the encrypted files to be synced to OneDrive for Business with a minimal admin effort and a low user impact.

 

This is an example of a site that have a updated list of file extensions used by ransomware:

Anti-Ransomware File System Resource Manager Lists
https://fsrm.experiant.ca/
Here is some information from FBI:
Ransomware Prevention and Response for CISOs

How to setup “Block syncing of specific file types” with OneDrive for Business

Start OneDrive Admin Center at https://admin.onedrive.com

Click Sync

OneDrive - Dont sync Cryptolocker - 01

Select “Block syncing of specific file types”

OneDrive - Dont sync Cryptolocker - 02

Click “Add file name extentions”

OneDrive - Dont sync Cryptolocker - 03

Insert the list of file extensions you dont what to sync to OneDrive for Business

This list of file extensions need to be updated when the bad guys using a new file extensions.

OneDrive - Dont sync Cryptolocker - 04

Click save

OneDrive - Dont sync Cryptolocker - 05

And now the file extensions in your list will not be synced to OneDrive.
This will also work on devices that you dont have any management control over.
This is not a way to prevent Ransomware – but a way not to get already encrypted file uploaded to OneDrive for Business.
Please remember to backup your company data.
Dont stop patching your Windows.
Where it is possible use only white listing of application.

Published by Per Larsen (MVP)

I'm a Solution Architect in Atea Denmark, working with designing and deploying solutions based on Microsoft Enterprise Mobility Suite, Microsoft Intune, Microsoft System Center Configuration Manager and Microsoft Azure. Co-Organizer @ewugdk "Everything Windows User Group Denmark", and public speaker. Owner of the blog: Osddeployment.dk

2 thoughts on “How to prevent ransomware encrypted files to sync to OneDrive for Business

Add Comment

  1. Hi Per,
    Thanks for a great post – any change you would share the file name extensions you have blocked?
    Thanks
    /Nicklas

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: