Microsoft adds ransomware protection and file restore to OneDrive cloud storage

Microsoft is introducing a new OneDrive feature this week that will make it easier to recover from ransomware attacks. Files Restore is making its way over from OneDrive for Business to personal OneDrive accounts. The catch is you’ll need an Office 365 subscription to get access to the new Files Restore feature. OneDrive users can now use it to simply restore files from any point in time within the last 30 days. If you accidentally delete a file you’ll be able to restore it, or if you make some bad changes and want to roll back to an earlier copy.

Microsoft is marketing the Files Restore feature as a good way to protect against ransomware attacks that lock files on a local PC, and often try to delete copies that are stored in synced folders – replicating those changes in the cloud. We’ve seen a number of these attacks recently, and victims have been forced to pay money to try and get their files back.

If OneDrive detects mass deletion of cloud files, Microsoft will alert users through an email or mobile / desktop notification and a recovery process will let you quickly restore to a time before the ransomware attack. “It’s the first of its kind in the industry,” says Seth Patton, general manager of Office 365. “We believe OneDrive is the safest place to store your files.”

OneDrive Files Restore

Alongside this new Files Restore feature, Microsoft is also adding password protected sharing links for OneDrive to make it a little more secure when you share out sensitive files or folders. Outlook.com is also getting updated with email encryption for Office 365 subscribers. The email encryption can be enabled on individual messages, and Outlook.com will even prompt you to encrypt emails if it detects information like social security numbers in messages. Recipients will be able to read the messages in Outlook.com, Outlook for iOS and Android, the Windows Mail app, or just by visiting a link in the email if the level of security at the recipient doesn’t meet Microsoft’s encrypted connection standards. Outlook.com users will also be able to prevent recipients from forwarding or copying emails sent from the service.

OneDrive’s Files Restore, ransomware protection, and Outlook.com encryption will start rolling out to Office 365 subscribers today and throughout the rest of the month. Microsoft says password protected OneDrive links will be available in the coming weeks.

Comments

Maybe they should follow Apple’s example of requiring trusted certificates, sandboxing, and not giving system wide access by just hitting "ALLOW".

Of course advanced users can bypass trusted certificates via settings, like apple does but it prevents average users from destroying their computer.

Microsoft already has those mechanisms in place. Known viruses and ransomware are deleted the moment they’re downloaded, and downloads by unverified publishers are flagged. Sandboxing is achieved through the Windows Store. The problem is when developers unintentionally become carrier vectors for ransomware, or when users ignore the warnings and disable the security features because "they’re too annoying".

There is no more powerful avenue for infection than the user clicking "Yes".

This is a pretty good feature, until recently, the only way to ‘ransomware-proof’ OneDrive or Google Drive for business files was to subscribe to a separate cloud to cloud backup service that offers point in time restores, and these were only available to the business versions of each service.

Hopefully Google Drive will eventually match this feature as well natively.

If you have Google Apps you have the ability to restore deleted files to a specific time for upto 10 users at a time:
https://support.google.com/a/answer/6052340?hl=en

I think the difference here is personal versions of the software? Rather than business? Anyway, these are good features and should be everywhere sooner rather than later

It’s pretty close, but it does not restore folder structure (from the link). Still, it’s a pretty good start for an "oh crap" scenario. Thanks for the heads up.

"It’s the first of its kind in the industry," says Seth Patton

Pretty sure that Dropbox has done this for a while.

That’s referring to the auto detection and notification of mass deletions/changes I think.

From what I read on Dropbox website (https://www.dropbox.com/help/security/ransomware-recovery), you need to go through their support desk to do a mass recovery of files. Also "Dropbox Support will attempt to undo the events in question" doesn’t sound vey reassuring.

Been waiting years for OneDrive to offer general file versioning. AFAIK it’s only been available for MS Office documents and not other file types.

Dropbox stores all version/deletion changes for any file (1 month for basic/plus accounts, 4 months for pro/business, and 1 year if you had their previous "extended version history" add-on which I did). The stored history doesn’t take away from your quota.

Dropbox makes it pretty easy in Windows too, just right click any file and select Version History. Hope OneDrive can do similar?

File versioning is great, but it will take you ages to restore all files if your whole cloud storage drive has compromised by ransomware.

I agree, user friendly whole-drive restore is convenient for those occasions such as ransomware.

I just wanted to confirm from the article, that OneDrive will also have single file/folder versioning like Dropbox, with easy access from the OS shell like Windows Explorer? Accidental deletions and rolling back edits are more common in my experience…

I use both Dropbox Pro, and OneDrive from Office 365 at the desktop OS integration level (whereas I use G Suite Drive on as needed basis, since I don’t want to load too many syncing engines at once).

Office 365 is the best deal around.

I struggled with justifying the purchase of it at first but now after having it for almost 2 years, its something I feel I can’t go without.

I was slowly just moving over to iCloud since I went all Apple a few years back, but OneDrive just seemed to good, but slow and clunky when I made the switch to Apple, where the benefits outweighed the risks. Now they have this in place, I might have to just stick with them despite having a decent MacOS app. It was one of those features I wanted but no one really had.

This is great, I’ve been hoping that they’d add file restore, and the ransomware protection sounds very useful

There has been file restore for a while if you’re referring to deleted file. In fact if you permanently delete a file from your OneDrive branch on your PC, you can still go to the cloud and restore it.

That’s a mixed-bag for me. It’s nice to know you can do that and adds a layer of safety.

However there are "somewhat sensitive" files I’ll sometimes transit from my phone, through OneDrive, to my PC because it’s great. Practically as soon as I’ve saved the file on my phone to OneDrive, the PC is rushing to download a local copy and it’s almost immediately ready to use.

In the case of sensitive files, once I’m done using/copying a sensitive file, I delete it from the PC’s OneDrive folder which deletes it from the cloud. However it leaves the file in the recycle bin on the cloud. I have to perform a second step to delete the file from the recycle bin, which is almost as much extra work as the entire file transit was.

That’s not a complaint. It’s just a trade-off. Most of the time it’s nice knowing the cloud’s recycle bin is there. Might be nice if "delete permanently" on the PC in the OneDrive folder caused OneDrive to do the same thing in the cloud. although I can see where other users might still prefer "delete permanently" to only mean on the PC and not the cloud.

is there currently a way to limit the forwarding, copying, dowloading of emails within the regular Windows’ Outlook desktop app?

View All Comments
Back to top ↑