Prevent and Protect With ownCloud Ransomware Protection App

The ownCloud App made available in the ownCloud GmbH Marketplace, protects users from over 90% of all known ransomware, as well as enables them to recover the affected data in the case of a successful attack.

Click to enlarge

In particular, this is ensured by two features. First is the integration of a constantly updated blacklist that prevents the possibility of uploading infected files and second is a ‘roll-back function’ that enables administrators to reset affected files back to their original state. This dual function reduces risks originating from ransomware to a minimum.

Attacks launched by ransomware are a perpetual threat to businesses and individuals. Although this issue is only paid attention to following major attacks such as Wannacry or Petya, the danger of becoming a victim of blackmail software is a constant one. These attacks differ widely in their characteristics, making them even more difficult to detect and even harder to prevent. This requires a sustainable and constantly updated protection mechanism. This is the purpose of the Ransomware Protection App.

The application protects companies both by blocking already known ransomware files and by restoring infected files to their original state.

Prevention through automated blacklisting and account locking
In most cases, ransomware encrypts files, saves them again and appends a new file extension. The prevention function of the app starts exactly at this point and blocks all file changes that are included in a blacklist (e. g. ‘crypt’) by preventing the upload. Blacklisting is done via an automated configuration script using ownCloud’s file firewall technology. As a result, infected/encrypted files can no longer be uploaded to the ownCloud server, thereby preserving the original files. The blacklist is also updated automatically every time the app is updated.

In addition, the ‘Account Locking’ function also serves as a preventive measure. This feature prevents further access to the account via the client after a detected attack to avoid further malicious file changes. The lock is triggered automatically, but can also be deactivated by the administrator in advance. Users will then receive an error message about the blocking of their account. This feature only applies to the client, but the application remains usable via the Web-UI. There, a notification banner informs the users about the lockout and directs them to their personal settings, which can be used to unlock the account after the ransomware problem has been resolved.

“More than 90% of the current ransomware attacks are launched by renaming the file extension. We can effectively prevent this“, says Holger Dyroff, COO, ownCloud. “However, the other 10% do not change the file name at all (or randomly). That makes preventive measures much more difficult. But, by featuring the ability to reset files back to a specific date, we provide an innovative extension of today’s capabilities in ownCloud.“

Any affected file can be recovered
When it comes to affected files, the Ransomware Protection App offers two additional features that can be used to reverse any damage that has occurred. For this purpose, the admin is provided with a scanner integrated into the app that can be used to uniquely identify the time of the attack specifically. In addition, the app contains a ‘restorer,’ which can be used to set affected files back to the state from before an attack. This ‘roll-back’ feature offers the advantage over a conventional backup due to the fact that the data is automatically synchronized with ownCloud and the user does not have to worry about the backup itself. For administrators, the added value lies in the fact that the option of selective recovery eliminates the need for large backups for every user at any time – and thus eliminates downtimes and inefficiencies in the first place.

This means that the Ransomware Protection App protects 100% of all data in a user´s ownCloud that is synchronized with the desktop client. This also means that the app is an effective protection against blackmail software in the field of enterprise file sharing.

To ensure the funtionality of the app, Ransomware Protetion has to run on stand-by in order to detect operations in advance and to reset corrupted data in case of an attack.

Interested companies may run a test of the Ransomware App on the company’s website. In case ownCloud isn’t running yet, it is available for download as an virtual appliance.

The Ransomware App is available for all ownCloud Enterprise subscriptions.