Forum Discussion

severt's avatar
severt
Copper Contributor
Mar 05, 2019
Solved

how to recover from a ransomware attack that encrypts files on sharepoint

Hi all:    I work for a small organization that relies on Office 365 sharepoint sites.  All 20 users have 365 for business licenses.  I have my team set up using onedrive syncing the sharepoint sit...
office 365
onedrive
sharepoint
  • Cian Allner's avatar
    Cian Allner
    Mar 05, 2019

    There isn't an equivalent feature as there is for https://support.office.com/en-us/article/restore-your-onedrive-fa231298-759d-41cf-bcd0-25ac53eb8a15. Microsoft can on request via support, I understand restore a site collection for this sort of situation with mass data loss. It's alluded to here - https://blogs.technet.microsoft.com/sposupport/2016/09/19/handling-ransomware-in-sharepoint-online/. It's not a particular flexible option but it's good to have the possibility at least.

     

    severt There are a few more details here http://icansharepoint.com/restoration-options-sharepoint-online/ and 'Getting a Microsoft restoration' as well as what else is available.

Cian Allner's avatar
Cian Allner
Silver Contributor
Mar 05, 2019

There isn't an equivalent feature as there is for https://support.office.com/en-us/article/restore-your-onedrive-fa231298-759d-41cf-bcd0-25ac53eb8a15. Microsoft can on request via support, I understand restore a site collection for this sort of situation with mass data loss. It's alluded to here - https://blogs.technet.microsoft.com/sposupport/2016/09/19/handling-ransomware-in-sharepoint-online/. It's not a particular flexible option but it's good to have the possibility at least.

 

severt There are a few more details here http://icansharepoint.com/restoration-options-sharepoint-online/ and 'Getting a Microsoft restoration' as well as what else is available.

  • severt's avatar
    severt
    Copper Contributor
    Mar 05, 2019

    Thanks for the replies!

     

    Disappointing though.  My nightmare scenario is that one user gets the virus, it goes through all of the files locally , opens, encrypts, saves the file with the same name and extension.  They are propagated back to the sharepoint site.  Now I have to individually restore all files.  Ouch!

     

    Looks like I will need to find a backup solution outside of Office 365. 

    • ChrisWebbTech's avatar
      ChrisWebbTech
      MVP
      Mar 05, 2019
      This is coming, they talked about it at Ignite, so I don't think it should be very much longer.
    • Cian Allner's avatar
      Cian Allner
      Silver Contributor
      Mar 05, 2019

      Agreed, it would be very useful to have more options for this scenario without having to resort to 3rd party solutions. It wouldn't be surprising if Microsoft improves this situation in due course. Here is Microsoft's official position on https://docs.microsoft.com/en-us/office365/securitycompliance/office-365-malware-and-ransomware-protection.

Resources