In addition to traditional viruses and malware, IT security officers must also protect against ransomware. Ransomware is a specific type of malware that generally attempts to encrypt data on the victim’s computer and demands that the user pay a ransom in exchange for the decryption key.
Consider the following aspects for protecting your critical data:
• Ensure that the data storage locations where all permanent data resides are properly protected. The most important assets are the metadata databases and the file data where M-Files Server stores all end-user content.
• Ensure that you have backup and recovery plans. To minimise the risks, consider storing backups on a different network and limiting access to the backup files. It is also important to periodically verify that data can be restored from the backup files.
• Ensure that your application servers can be reinstalled and reconfigured when necessary. Consider storing the configuration files in a secure location.
• Ensure that you have a process for keeping the operating system and software up to date. Old versions might have commonly known vulnerabilities that attackers can utilise.
• Do not run or install any downloaded software that has not been scanned.
• Do not install any software on the server computers that has not been scanned or that is not essential to them.
• Ensure network security. For instance, do not allow remote desktop access from external networks, and limit access to the personnel who really need it.
How Does M-Files Obstruct Ransomware from Encrypting Vault Data?
The greatest potential ransomware risk lies in unprotected client computers that have active sessions on the M-Files server. One could think that because M-Files Desktop installs a virtual drive (the M drive) on client computers, ransomware could scan the M drive and encrypt files. This could potentially be the case with mapped network folders, but files that are exposed via the M drive cannot be edited unless they are checked out. To check out documents in M-Files, the user must have edit rights to the object and must perform the check-out operation either via the M-Files Desktop user interface or via M-Files APIs. Therefore, only ransomware that can use the M-Files API can theoretically encrypt files in M-Files.
M-Files is not currently aware of ransomware that would have the specific capability to interact with the M-Files API. If such malware existed and was executed on an M-Files client computer, the edited (encrypted) file would be saved as a new version on the M-Files server computer. M-Files Server never overwrites vault data on the server: all changes are stored as new, version-specific files on the disk or in the database. Therefore, encrypted files can be easily rolled back to the previous version via M-Files Desktop. The roll-back operation can also be carried out via the API, for instance, when multiple files need to be rolled back and when there is no backup file of the vault available.
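A roll-back across many files needs a target version for each one. As an added example (not M-Files code, and not using the M-Files API), the following Python code picks, for each object, the newest version that still looks intact; the version histories, the `%PDF-` signature check and the entropy threshold are constructed assumptions.

```python
import hashlib
import math
from collections import Counter

ENTROPY_LIMIT = 7.5  # assumed threshold; encrypted data approaches 8 bits per byte

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def looks_encrypted(data: bytes, magic: bytes) -> bool:
    """Suspect only if the expected file signature is gone AND the bytes look random.
    Requiring both keeps compressed formats with an intact signature from being flagged."""
    return not data.startswith(magic) and shannon_entropy(data) > ENTROPY_LIMIT

def plan_rollbacks(history):
    """history maps object name -> (magic, [(version, content), ...] oldest first).
    Returns {name: version to restore}; None means no clean version is left in the
    history and the object has to come from a backup instead."""
    plan = {}
    for name, (magic, versions) in history.items():
        if not looks_encrypted(versions[-1][1], magic):
            continue  # newest version is intact, nothing to roll back
        clean = [number for number, content in versions
                 if not looks_encrypted(content, magic)]
        plan[name] = max(clean) if clean else None
    return plan

# Constructed sample data standing in for version contents exported from a vault.
PDF_V1 = b"%PDF-1.7\n" + b"Constructed invoice text. " * 100
PDF_V2 = b"%PDF-1.7\n" + b"Constructed invoice text, revised. " * 100
# Deterministic pseudo-random bytes standing in for an encrypted version.
NOISE = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))

SAMPLE_HISTORY = {
    "invoice.pdf": (b"%PDF-", [(1, PDF_V1), (2, PDF_V2), (3, NOISE), (4, NOISE)]),
    "report.pdf": (b"%PDF-", [(1, PDF_V1), (2, PDF_V2)]),
    "scan.pdf": (b"%PDF-", [(1, NOISE)]),
}

if __name__ == "__main__":
    for name, version in plan_rollbacks(SAMPLE_HISTORY).items():
        print(name, "->", version if version is not None else "restore from backup")
```

The resulting plan is the input to whatever performs the actual roll-back, whether that is M-Files Desktop or the API.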