Backing up your data in Microsoft 365: Handling a ransomware attack

Matthew Showers, Global Best Practice Manager - Technology Services

Of late, it seems hardly a week goes by without news of a new ransomware attack. Experts estimate a ransomware attack occurs every 11 seconds, with businesses bearing the brunt of these.

Since ransomware attacks target an organization’s data, one of the biggest concerns is how and where your files are stored. Because sky-high adoption rates of Microsoft 365 (formerly Office 365) are piquing the interest of hackers, it is important for users to understand how a ransomware attack could affect their organization.

This brings us to the importance of backups. In this second installment of our Backing Up M365 series, we’ll be talking about ransomware attacks. Let’s get started.

Ransomware attacks are more sophisticated than ever

With recent surges of ransomware attacks across businesses of all sizes and industries, you need to take steps to protect your business.

While Microsoft does release ransomware detection features and offers solutions for recovery, cybercriminals have proven to be particularly good at staying a step ahead in the race. And why wouldn’t they be? The stakes are high because data is a valuable, critical asset for any organization in today’s digital era. The larger the organization and the more capital assets they have, the bigger the ransom can be.

Cybercriminals that deploy ransomware will infiltrate, copy, and encrypt an organization’s data, rendering it useless or inaccessible until the ransom is paid. Meanwhile, the original files are deleted. At that point, there is not much you can do beyond paying the ransom and hoping for the best.

Beware the false security of Microsoft’s built-in capabilities

Businesses must do something to protect themselves before an attack occurs. Let’s consider this scenario that is, unfortunately, becoming all too familiar to IT staff in enterprise, healthcare, and government organizations in the 21st century.

The scenario

Someone in your marketing department opens a document emailed to him from a “former business colleague” promising to offer valuable information about an upcoming event he’s scheduled to attend. After he opens the document, he brings it out of read-only mode, thereby enabling the macros. At this point, his device starts to behave strangely. First, he sees some text files on his desktop that were not there before. Next, he cannot open his SharePoint or OneDrive files. Finally, he hears from a co-worker that the SharePoint files she needs for a meeting are now corrupted.

After your IT team pieces together these unusual events, you start to feel a sense of panic – you realize that your organization is experiencing a ransomware attack. The individual from the marketing department unwittingly served as the vector of attack by falling victim to an email phishing scam. From any perspective, it does not look good. If this attack were anything like WannaCry, the entire network could soon be shut down, slowing operations to a grinding halt.

For a fleeting moment, it occurs to you that there is a glimmer of hope. Doesn’t Microsoft provide built-in protection against data loss? Unfortunately, the protections they offer are limited. As it currently stands, SharePoint Online and OneDrive for Business do not protect against a scenario like the one above.

The aftermath

Unfortunately, in this scenario, the damage has been done - the network has been infiltrated. A great many files within your network have been encrypted and are now totally inaccessible to everyone in your organization. Your applications, which rely heavily on data, go down and nobody can get work done. Your CEO is envisioning money flying out the window as the hours tick by and productivity plummets.

In situations like this, it is crucial not only to recover, but to recover quickly. As you work to restore your data, you realize that your most recent restore point was five days ago. That is five days’ worth of data and documents, lost. Reverting to those files is going to make a lot of people very unhappy. Paying that ransom is beginning to look like a good idea. But you cringe, thinking of the money your company is losing by paying the ransom, not to mention what it is costing in lost productivity. In some cases, cybercriminals are making off with millions of dollars after a single ransomware attack. In fact, Business Insider reports the largest ransomware payout to date was made in 2021 by an insurance company at $40 million, setting a world record. Emboldened by an increase in the rate of organizations that are willing to pay to get their data back, criminals are raising the price of their ransom.

Secure your most important information with BackupSimple powered by Metallic from SoftwareOne

There are 3 key elements in protecting your data in the face of ransomware attacks:

  • Anomaly detection: Ransomware is often disguised as a legitimate file or communication when entering a system, and then rapidly starts encrypting your data, making it useless. Anomaly detection provides AI-powered capabilities that detect suspicious activity before ransomware can successfully penetrate your data. It recognizes and monitors files so it can spot abnormal file access patterns and trigger a notice.
  • Data immutability: Air-gapped, immutable data copies can provide a safety valve for businesses experiencing ransomware attempts. Separate data backups provide a copy of your data that cannot be altered, modified, or deleted.
  • Rapid recovery: While data isolation keeps your data safe, you also need tools to efficiently restore that data and deliver business continuity. Recovering from an attack requires robust capabilities that enable your business to rapidly restore data to your users, eliminating costly downtime and helping meet recovery SLAs.

To fully protect your Microsoft 365 data from ransomware attacks, it is crucial to back up everything to a secure location offsite. SoftwareOne’s BackupSimple powered by Metallic solution has been crafted to ensure that you always have a fresh backup of your files and data. With the combination of world-class managed services from SoftwareOne and award-winning SaaS data protection from Metallic, you can keep your data safe and recoverable in the face of ransomware and other data loss threats. BackupSimple powered by Metallic leverages a unique, multi-layered approach to data protection, providing robust controls to both prevent threats and ensure data is highly available and recoverable from deletion or attack. So, even if you are targeted by ransomware, you have a way to keep operations going and keep productivity levels high.

BackupSimple powered by Metallic is not hosted onsite, so even if your network is compromised, your data is safe. What’s more, the data stored in the BackupSimple powered by Metallic repository can be recovered quickly so your Microsoft 365 service is restored within defined SLAs. This means operations continue running smoothly and the loss in productivity and revenue is limited.

Plus, we aim to provide you with a consistent and compliant backup process. We understand every organization has its own backup policies and security obligations, which is why we work to align BackupSimple powered by Metallic with your organization’s unique needs. This way, you’ll have peace of mind knowing your organization has ongoing backup compliance.

Last but not least, we create a remote workplace solution that is built to last. With BackupSimple powered by Metallic, you plan for comprehensive and streamlined data recovery - centralizing all your backup needs and providing a single secure, scalable and resilient platform which you own.

Defend against future attacks

Cyber attackers will always devise newer, better versions of ransomware to exploit new vulnerabilities in the apps used within your organization. Aside from practicing good cybersecurity hygiene, your only other defense is backing up your files and data somewhere other than your network. And when you enlist the help of SoftwareOne, we make sure you have everything you need to stay safe and secure.


Matthew Showers
Global Best Practice Manager - Technology Services

Data Backup Specialist