Nextcloud presents Ransomware Protection app

Admin configuration

As we blogged before, ransomwares cost consumers and businesses huge amounts of money. For 2016, the total cost is estimated to be $1 billion globally but WannaCry and its successor Petya do more than hitting headlines. One company, Reckitt Benckiser, known for Dettol cleaning products, Nurofen tablets, Durex condoms and more, warned investors it could lose $120 million in lost revenue due to the Petya attack. Danish transport and energy firm Maersk and FedEx’s delivery subsidiary TNT Express were both hit so hard they were still recovering earlier this month.

It is difficult to deal with Ransomware and while frequent backups are helpful, Nextcloud has decided to get involved in helping combat the damages of an attack. We’re proud to present you the Ransomware Protection app!

Notification of potential ransomware

Developing some protection

In the aftermath of the recent attacks, users have been asking: do public or private cloud solutions provide protection against Ransomware? To some degree, they do – these services often provide access to older versions of files and are backed up. But none really do much in pro-active terms to help. With the massive costs our users and customers see themselves confronted with, one Nextcloud developer has put together an app which helps protect users against Ransomware.

Ransomware comes in many varieties. In most cases, it encrypts user data, creating new files with a different last name and removing the older files. It also puts in place a file which contains instructions on how to get the files ‘unlocked’ again.

The Ransomware Protection app makes use of this characteristic. It detects common file names used by ransomware and responds by blocking further uploads and warning the user and administrator, who can then take action. As the sync client is constantly syncing, this should leave very little window between the last legitimate modification of user data and the malicious activity. However, if something made it through, users can still rely on the ability to restore older versions of files on the server.

protection temporary disabled.

Features and limitations

The protection offered is not complete. Some ransomware uses random filenames and very generic terms for the instruction files, thus offering little opportunity for detection and prevention. New ransomware also shows up regularly. However, an estimated 95% of the current ransomware can be caught and partially or fully stopped in its tracks and we will maintain the app, possibly adding more protection mechanisms. But, for more thorough protection, we still strongly suggest users to follow the instructions from the FBI and other cyber security organizations. Those include installing special anti-ransomware apps or using virus scanners which feature ransomware protection!

The app offers some configuration for the system administrator. New file extensions, file name patterns and instruction file names can be added or removed in response to new threats or to minimize disruption and false positives. Enterprise monitoring applications can catch the notifications in the logs while administrators also get notified in their administrator account when a user decides to ask for help.

Nextcloud users can download the Ransomware Protection app for free on our app store. The source can be found in our Github and if you want to give feedback or contribute to improving the protection it offers, we’d appreciate it!