Forum Discussion
Is Exchange Online Threatened by Ransomware?
Akshay_Mane Well, thank you for the marketing write-up on behalf of Exchange Online Protection (how much did you cut and paste direct from Microsoft's documentation?). I admire your confidence that EOP and ATP will catch every single piece of malware that arrives for checking. The reality is that some percentage of malware gets through and some users open infected messages. Hence the need for caution.
But please continue to be confident. It's nice to see such faith expressed in EOP and ATP.
For more information about the percentage of infected messages that get past defenses, read the discussion in https://www.petri.com/phishing-report-exchange-online-protection.
Before writing this piece, I spoke to the EOP engineers about the challenges they face in suppressing malware. It's a huge technical and logistical challenge, which explains why some malware will always get through.
- Exchange servers are in MS data centers and hence i don`t think there is any ransomware threats... however, if anyone sends email to you/your account, with malicious code, it will impact you local computer from where you are accessing the emails from... in this case you can use/trust EOP.If MFA is enabled it will be almost impossible for hacker to penetrate, as far as accessing the account.Regards,Akshay
Akshay_Mane Given that I have been writing about Office 365 since 2011, and Exchange since 1996, I think I know where the Exchange Online servers are located.
Remember that ransomware can be delivered by email. As we have already established, some malware gets through anti-malware defenses and will arrive in user mailboxes. Depending on the attack vector, all it might take is for a user to open a message and click a suspect link to cause their complete mailbox to be infected by ransomware (the proof of concept offered in the Mitnick demo). MFA doesn't come into the equation if a user is lured into granting an app permissions over their mailbox.
The possibility of a successful ransomware attack on Exchange Online exists. I personally feel that attackers will choose easier targets, but that doesn't mean that we should be complacent and rely on anti-malware tools to protect mailboxes from infection.
