OneDrive and Office 365 get anti-ransomware protection with auto-detection and 30-day roll-back

Microsoft is adding features to OneDrive and Office 365 that help protect against Ransomware from making user's files irrecoverable. Their solution is to bring the ‘Files Restore’ service from their business products and add it to consumer offerings. Files Restore allows users to restore their entire OneDrive storage back to any previous point within the last 30 days.

Initially, this feature was designed to protect against mass deletion or file corruption, i.e., situations where restoring files individually one-at-a-time isn’t a practical solution. Ransomware functions similarly to these events, so it would make sense that Files Restore works just as well for this sort of problem. Dropbox is one of the few alternatives that also offers bulk restore.

Manual backups stored separately from the computer, such as on an external hard drive or in online-only storage, help prevent the loss of files. But cloud storage and sync services have historically been vulnerable since a locked file would overwrite the original file during syncing.

To supplement Files Restore, Microsoft has added the ability to detect ransomware attacks into Office 365. A notification will be sent via email, desktop, and mobile (via the OneDrive app), and selecting this will load up the restore window to show the date and time of the attack with the option to restore to before that point.

We haven’t been able to clarify whether this applies to all paid versions of OneDrive or just the Office 365 version. The confusion comes from the way that OneDrive plan tiers work. Users can choose a smaller 50 GB OneDrive plan, but the 1 TB plan is called "Office 365" and comes with the full office suite, and Microsoft is advertising this as an Office 365 feature.