How to reduce ransomware damage in Google Workspace

How to reduce ransomware damage in Google Workspace

Index

• Ransomware infection path and severity 2
• Typical prescriptions from Ransomware solution providers 2
• Using Google Workpsace for Ransomware Prevention 4

How to set up the Google Workpsace administrator to prevent Ransomware damage in the enterprise 5

What the Google Workspace administrator should do 5

First, how to control attachments received by email in organizational and individual units (administrators) 5

Second, Google Drive  Sync app usage control (admin) 9

Third, Google Workspace Business Team Drive Authorization Control (Administrator) 11

What the normal user should do 14

Back up my computer with the new Google Drive Backup & Sync app 14

How to use the new Google Drive backup and sync app 15

• How to restore the previous version when you delete or change the original file 16
• What to do if the Google Worksace user is infected with Ransomware 19

Ransomware infection route and severity

Ransomware has been infected by opening e-mail attachments or visiting suspicious websites. However, it is known that it is infected even if only Internet connection is used by using security weakness of MS Windows OS recently.

According to the security industry, the main culprit is the "WannaCry," which began circulating around Europe on December 12 (local time). Warner Cry is a variant of Ransomware known as WannaCrypt, which infects computers by exploiting security vulnerabilities in Microsoft's Windows operating system.

Key files in the infected computer are encrypted and can no longer be opened by the user. The attacker requires $ 300 as a condition for passing the encryption key and doubles the price if he does not pay the ransom within three days. The attacker threatens to permanently delete the encrypted file if he does not pay the ransom for seven days.

WarnerCry was able to spread around the globe in the first place because it would automatically be infected by running email attachments or visiting certain Web sites, unlike traditional Ransomware, even if they were only connected to the Internet. WarnerCry also has a worm feature that uses Windows Server Msessage Block (SMB), a file-sharing network feature of Windows, to infect not only that computer but also other computers connected to the network.

Because of this situation, there is no way to avoid infection with Ransomware, so its severity is higher than expected.

Typical prescriptions from Ransomware solution providers

A security vendor supplying a vaccine does not offer a specific solution for files already infected with Ransomware (files encrypted by Ransomware). However, in order to minimize infection in advance, four guidelines are suggested.

• Spamming Email Attention
  
• Back up important files
  
• Set "Read Only" for important documents
  
• Maintain the latest security patch of MS Windows OS
  

In other words, the point of this rule is that one of the Ransomware infection route is received through e-mail, and if you get infected, you should make the original backup to the safe store so that you can restore the original.  

Security solution vendors are pushing the introduction of a spam processing e-mail system that prevents spam in addition to existing e-mail systems. Storage or backup solution vendors are promoting the need for backup devices to back up important files.

It is an important document, but it is not uncomfortable to set it as 'read only' as it should be edited frequently. In some cases, document management solution providers may encourage the introduction of expensive document management systems that can be centrally controlled, while important documents are managed with appropriate security regulations.

MS Windows OS security patches are made from time to time. However, since malware hackers who create Ransomware are always exploiting Windows OS vulnerabilities, OS security patches are not a fundamental solution.

Full Content Download - PDF