Asigra brings better backup ransomware protection to Office 365

Fingerprint samples

Asigra has added ransomware detection and quarantine to its Office 365 backup product. 

Cloud Backup with Deep MFA integrates with O365 and scans all files in real-time with signature-less malware and ransomware detection engines, isolating malicious code and alerting administrators of infection. The software also protects against immutability subversion attacks using step-up or Deep Multi-Factor Authentication as users access sensitive application controls. This prevents threats from penetrating backup and replication streams.

Asigra EVP Eran Farajun said in a press announcement: “For cloud and SaaS apps like MS Office 365, the customer’s backup is the last line of defence in cases where an attack has occurred. Only a sophisticated anti-ransomware suite is capable of identifying and quarantining malicious ransomware code while preventing infiltration into backup controls to ensure data is well-defended.”

The Asigra software enables users to schedule point-in-time backup copies of mailboxes and data residing in Office 365 Exchange Online, Office 365 Groups, SharePoint Online, and OneDrive for Business. Admins can determine backup frequency, retention duration and restoration granularity.

Ransomware producers can mount phishing expeditions against backup administrators and steal their credentials. They can then log in and reset backup immutability retention periods from months or weeks to hours. Next they run a backup to its conclusion, and then delete it after the now minimal retention period.

That deletion is then followed by a ransomware attack, and the victim finds there is no recent backup to use for recovery.

Deep MFA goes beyond username and password credentials by using fingerprint or facial recognition on smartphones. This personal identity check needs to be passed before any backup task is run. Malware actors can no longer log in as before and are prevented from corrupting policy settings or deleting backup data. Sounds like a good – and overdue – idea.
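The retention-reset sequence described above also leaves a trail that can be monitored. The following is an added example, not code from Asigra or from the announcement: it flags a sharp retention cut and any backup deletion that follows it. The event schema, the sample events and the thresholds (`shrink_ratio`, `window`) are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed audit events; the field names are a hypothetical schema,
# not the log format of any backup product.
EVENTS = [
    {"ts": "2024-03-01T08:00:00", "actor": "ops-a", "action": "retention_change",
     "policy": "sharepoint", "old_hours": 720, "new_hours": 1440},
    {"ts": "2024-03-02T09:15:00", "actor": "ops-b", "action": "retention_change",
     "policy": "exchange", "old_hours": 2160, "new_hours": 4},
    {"ts": "2024-03-02T10:00:00", "actor": "ops-b", "action": "backup_run",
     "policy": "exchange"},
    {"ts": "2024-03-02T14:30:00", "actor": "ops-b", "action": "backup_delete",
     "policy": "exchange"},
    {"ts": "2024-03-03T01:00:00", "actor": "system", "action": "backup_delete",
     "policy": "sharepoint"},
]


def find_retention_subversion(events, shrink_ratio=0.1, window=timedelta(days=2)):
    """Return alerts for sharp retention cuts and for deletions that follow them."""
    alerts = []
    recent_cuts = {}  # policy -> (time of last sharp cut, retention before the first cut)
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        policy = ev["policy"]
        if ev["action"] == "retention_change":
            if ev["new_hours"] <= ev["old_hours"] * shrink_ratio:
                # Keep the original baseline if the policy was already cut once.
                baseline = recent_cuts.get(policy, (None, ev["old_hours"]))[1]
                recent_cuts[policy] = (ts, baseline)
                alerts.append(("warning", policy, ev["actor"], "retention cut sharply"))
            elif policy in recent_cuts and ev["new_hours"] >= recent_cuts[policy][1]:
                del recent_cuts[policy]  # retention restored to its pre-cut value
        elif ev["action"] == "backup_delete" and policy in recent_cuts:
            if ts - recent_cuts[policy][0] <= window:
                alerts.append(("critical", policy, ev["actor"],
                               "deletion after retention cut"))
    return alerts


if __name__ == "__main__":
    for alert in find_retention_subversion(EVENTS):
        print(alert)
```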