How M-Files Helps Foil Ransomware Attacks

Introduction

In addition to traditional viruses and malware, IT Security Officers must also protect against ransomware. Ransomware is a specific type of a malware that generally attempts to encrypt data on victim’s computer and demands user to pay ransom for exchange of the decryption key.

1. Protection Mechanisms

The most efficient way to protect against ransomware is to ensure that M-Files Servers and all client computers have up-to-date malware protection with real-time scanning enabled.  Taking regular full backup of data and storing the backups offsite is another good way to protect against malware.

2. How Does M-Files Hinder Ransomware from Encrypting Vault Data?

The most potential ransomware risk lies on unprotected client computers that have active sessions on M-Files Server. One could think that because M-Files Desktop installs a virtual drive (the M drive) on client computers, ransomware could scan the M drive and encrypt files. This could potentially be the case with mapped network folders but files that are exposed via the M drive cannot be edited unless they are checked out. In order to check out documents in M-Files, user must have edit rights to the object and user must perform the check-out operation either via the M-Files Desktop UI or via M-Files APIs. Therefore, only the ransomware that are able to use M-Files API can theoretically encrypt files in M-Files.

M-Files is not currently aware of ransomware that would have specific capability to interact with M-Files API. If such malware existed and was executed on M-Files client computer, the edited (encrypted) file would be saved as a new version on the M-Files Server computer. M-Files Server never overwrites vault data on the server: all changes are stored as new object file version-specific files on the disk or in the database. Therefore, encrypted files can be easily rolled back to the previous version via M-Files Desktop software. The roll-back operation is also supported via the API, in case multiple files need to get rolled back and if there is no backup file of the vault available.

For more information on how we can help your organisation please email: peter@documentmanagementsoftware.com.au or visit www.documentmanagementsoftware.com.au


Peter Ellyard

Having spent over 20 years immersed in the document management software industry I have found that by offering a simple to use, highly effective electronic document management solution (knowledge management software) we increase productivity dramatically. Typically by an hour per person, per day! This is not rocket science, just a simple way to streamline your day to day information needs.