On premise we can use File Server Resource Manager (FSRM) component File Screening Management that is a part of Windows Server operation system.
But when we are moving to the cloud we also need to do something – and this is one way. Many companies are using OneDrive for Business and then we can prevent the encrypted files to be synced to OneDrive for Business with a minimal admin effort and a low user impact.
This is an example of a site that have a updated list of file extensions used by ransomware:
Anti-Ransomware File System Resource Manager Lists
Here is some information from FBI:
How to setup “Block syncing of specific file types” with OneDrive for Business
Start OneDrive Admin Center at https://admin.onedrive.com
Select “Block syncing of specific file types”
Click “Add file name extentions”
Insert the list of file extensions you dont what to sync to OneDrive for Business
This list of file extensions need to be updated when the bad guys using a new file extensions.