If your PC is infected with ransomware, it will spread from file to file, encrypting them until you pay the bad guys for the digital key. But ransomware can also spread to your files stored in the cloud—and that’s what Microsoft’s new OneDrive protections are designed to address.
On Thursday Microsoft announced the ability to “roll back” the files stored in OneDrive to versions stored up to a month ago, to help you return to a point before you were infected by malware. The company also said it will use its automated threat-detection systems to figure out when the ransomware began infecting those files and alert you via your phone that an infection has taken place.
Microsoft announced additional protections for sharing and reading files stored on OneDrive and emailed via Outlook.com, the web-based version of Outlook—including encrypted email. The catch? You’ll have to subscribe to Office 365, Microsoft’s subscription service that also includes access to PowerPoint, Excel, Word, and the other Office apps. The Outlook protections aren't yet available to the Office 365 version of Outlook.
"With the growing presence and sophistication of online threats like viruses, ransomware, and phishing scams, it’s increasingly important to have the right protection and tools to help protect your devices, personal information, and files from being compromised,” Kirk Koenigsbauer, the corporate vice president for Office, wrote in a blog post.
What this means for you: Though smart surfing and other good Internet practices are your first defense against malware, including ransomware, it does happen. And if ransomware infects your PC, it tries to infect other PCs on your network, including persistent connections to cloud storage. Erasing all of your files and refreshing your PC would be an appealing solution—if it didn’t mean losing all of your files. Microsoft is pitching OneDrive as a solution: Upload all of your critical files now, before your PC is infected. Even if the OneDrive stash becomes infected, you’ll be able to access an older, uninfected version.
Cloud protections in place
What’s new is that Microsoft has adapted its Files Restore capability—previously only for OneDrive for Business—and brought it into Office 365 subscriptions for home users. Not only will Microsoft detect an attack, but you’ll be notified by any channels that Microsoft would normally use to send you messages: email, a popup notification, and more.
Then, you’ll be able to enter OneDrive and essentially “roll back” to an earlier day. You’ll want to pick a day before Microsoft alerted you about the attack, naturally.
Microsoft has also taken security within Outlook a step further: Now you can password-protect links to folders or files. That’s handy: Previously, there was really no real way to protect links to files or folders from being shared to anyone. Both the ransomware detection and link protections are available starting Thursday, Microsoft said.
If you are concerned about those links being forwarded, Microsoft has begun to address that, too. In Outlook.com, you now have the option of encrypting a file or preventing it from being forwarded, or both simultaneously.
It’s not clear how well Microsoft has secured files in Outlook versus, say, PGP—but Microsoft says you’ll be able to encrypt a file sent via Outlook.com, then read it within Outlook for iOS/Android or the Windows Mail app. (Microsoft doesn’t maintain the encryption if you respond to that email, though, or author another one from those other apps.) If you turn on the prevent-forwarding option, Microsoft will also encrypt the email—as well as any Microsoft Office documents you’ve attached.
Password-protected sharing links, email encryption, and forwarding prevention will start rolling out in the coming weeks, Microsoft said.
Microsoft added that, later this year, it will automatically begin checking links within Word, Excel, or PowerPoint. If that link links to a suspicious site, you’ll be flagged. Outlook.com already sniffs your links for potential malware.