This blog post focuses on preventing encryption of your document library by ransomware such as CryptoLocker.
CryptoLocker is an encrypting ransomware trojan that re-emerged in 2013. The cryptovirus operates via infected mail attachments, pop-ups and various add-ons with shady content. It encrypts all the files on the local drive after which you can no longer use them and are forced to pay a certain amount of money to the anonymous attacker in the hope of retrieving your lost data. Usually you are given 72 hours to pay the ransom in exchange for the encryption keys but have in mind that this usually turns out to be a fraud and your data is inaccessible forever.
Here’s how, as a SharePoint admin, you can avoid such notorious file-encrypting ransomware infecting your SharePoint.
If you’re worried about the virus attacking your SharePoint data, there is no reason for concern. Data stored on SharePoint is actually stored in a content database and out of reach of CryptoLocker unless the database is exposed to it. However, CryptoLocker can tend to get ugly if you store your data locally on a hard drive.
SharePoint is generally secure, but just in case you should take certain precautionary steps. There are two ways you can get attacked by such a malware: when using OneDrive for Business or when you map document libraries as network drives. To make sure you stay safe, protect your computers, don’t open suspicious mail attachments and regularly install updates.
SPDocKit cannot bulwark you from the malicious ransomware lurking about in the cyber world, but it can help you to enforce versioning on all document libraries. This way, if CryptoLocker does get through to your SharePoint, you can use the version history of the affected files on SharePoint to return to the unlocked state.
Microsoft keeps 14 days of SharePoint backups if you’re using SharePoint Online, however, you must restore the entire site collection. If you’re using SharePoint on-premise, you have to do your own backups unless you have a third-party tool that takes a backup of the entire site collection.
To enable versioning on SharePoint using SPDocKit, follow these steps:
1. Navigate to Queries & Rules and then click the New Rule button in the Home ribbon.
2. For the rule type select Document Version History. Click Next to continue.
3. In the Versioning Configuration section, select Create major and minor (draft) versions. Then choose additional configuration options depending on your needs. Click Next to continue.
4. Define how your rule will be executed and select Automatic. Then set up a schedule for automatic rule execution, such as the recurrence type, start time and how often you want the rule to be executed. Click Next to continue.
5. If you wish to refine your rule, select the conditions you want to apply and click Next to continue.
6. Define how widely across your SharePoint farm this rule should be enforced. To enable versioning across your whole SharePoint farm, select Web Application for both the Scope and the Target. When done, click Finish.
Each time the SPDocKit services execute a rule, a history record is created which you can explore.
If versioning is not turned on and CryptoLocker gets hold of your files, they will be lost forever. SPDocKit helps you by making sure that versioning is set up on all document libraries at all times.