How to Block ransom synchronization with OneDrive for Business

The Office 365 service includes many tools and settings for hardening identity and end-user access, for follow-up, and for filtering by conditions, along with many other interesting capabilities. In addition to all those familiar capabilities, it also has small settings that can make a significant difference and harden the way your organization works. In this article, we will focus on limiting the synchronization of ransom file extensions to the SharePoint Online service.

Recent cyber-attacks leave many organizations exposed to threats and dangers, and the user side is the main problem. We therefore need to put the emphasis on users to minimize those threats, especially ransom attacks, in which the attacker encrypts the files and leaves no choice except to restore from backup or, in a few cases only, to decrypt the files with a particular tool.

Both SharePoint Online and OneDrive for Business have data-level encryption, categorized as data in transit and data at rest:

  • Station-to-service traffic - all user and station traffic is encrypted using SSL/TLS with 2048-bit keys, and any change in information gets another encryption key

  • Traffic between data centers - replication between servers and for DR needs, where all traffic is encrypted

  • Disk Encryption - encrypts information with BitLocker on every disk

  • File Encryption - each piece of information in a file is encrypted with AES using 256-bit keys

There is no doubt that the information between the user and the service is encrypted and protected, and it can be said that if files are infected with some ransom they cannot be synchronized to the cloud. In SharePoint Online we can harden the user's synchronization and access to the cloud by blocking file types, which can be done in the Admin Center interface or the PowerShell interface.

At the Admin Center level

  • Log in to the interface at https://admin.onedrive.com

  • In the Sync tab, choose Block syncing of specific file types

  • Then type the file types

After entering the file types, save and then verify that files of those types are not synchronized.

At the PowerShell level

  • Step 1: Download SharePoint Online PowerShell

  • Step 2: Connect to the SharePoint Online PowerShell interface with the following commands:

        $adminUPN = "eshlomo@elishlomo.us"
        $orgName = "office365labs"
        $userCredential = Get-Credential -UserName $adminUPN -Message "Type the password."
        Connect-SPOService -Url https://$orgName-admin.sharepoint.com -Credential $userCredential

  • Note: Make sure you use an admin user and the domain name as listed at the SharePoint Online level. Then run the following command.

  • Step 3:

        Set-SPOTenantSyncClientRestriction -ExcludedFileExtensions "ecc;ezz"

The main difference between the Admin interface and the PowerShell interface is in how the above operations are managed. For example, with PowerShell the operation can be executed automatically, feeding an XML file to the above command, and on a schedule.
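The automated variant mentioned above could look like the following sketch. It is an added example, not code from the original article: the XML layout and the function names ConvertTo-SyncExtensionList and Update-SyncExclusion are assumptions, and the sample data is constructed. It assumes the session is already connected with Connect-SPOService as in Step 2.

```powershell
# Added example. The XML layout and both function names are assumptions.
# Constructed sample of the XML file a scheduled job would read.
$sampleXml = @'
<BlockedExtensions>
  <Extension>*.ecc</Extension>
  <Extension>.EZZ</Extension>
  <Extension>exx</Extension>
  <Extension>*.*crypto</Extension>
  <Extension>vault.key</Extension>
  <Extension>ecc</Extension>
</BlockedExtensions>
'@

function ConvertTo-SyncExtensionList {
    # Reduce list entries to bare extensions, the form used in Step 3.
    param([Parameter(Mandatory)][xml]$Xml)
    $result = foreach ($entry in $Xml.BlockedExtensions.Extension) {
        $value = $entry.Trim().ToLowerInvariant()
        # Accept "ext", ".ext" or "*.ext". File names and inner wildcards
        # are not extensions, so they are reported and skipped.
        if ($value -match '^(\*?\.)?([a-z0-9_]+)$') { $Matches[2] }
        else { Write-Warning "Skipped '$value': not a plain extension" }
    }
    $result | Sort-Object -Unique
}

function Update-SyncExclusion {
    # Merge with what the tenant already blocks, so a scheduled run
    # never drops an extension that was added by hand.
    param([Parameter(Mandatory)][string[]]$Extensions, [switch]$Apply)
    $current = @((Get-SPOTenantSyncClientRestriction).ExcludedFileExtensions)
    $merged  = @($current + $Extensions | Where-Object { $_ } | Sort-Object -Unique)
    $value   = $merged -join ';'
    if ($Apply) {
        Set-SPOTenantSyncClientRestriction -ExcludedFileExtensions $value
    }
    $value   # return the final semicolon-separated list for logging
}

# Offline part: show what would be sent for the constructed sample.
$extensions = ConvertTo-SyncExtensionList -Xml ([xml]$sampleXml)
$extensions -join ';'

# In a connected session, the scheduled task would then run:
# Update-SyncExclusion -Extensions $extensions -Apply
```

Running Update-SyncExclusion without -Apply returns the merged list without changing the tenant, which is a convenient dry run before scheduling the job.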

Types of ransom suffixes (partial list)

*.*cry, *.*crypto, *.*darkness, *.*enc*, *.*kb15, *.*kraken, *.*locked, *.*nochance, *.*obleep, *.*exx, *@gmail_com_*, *@india.com*, *cpyt*, *crypt*, *decipher*, *install_tor*.*, *keemail.me*, *qq_com*, *ukr.net*, *restore_fi*.*, *help_restore*.*, *how_to_recover*.*, *.ecc, *.exx, *.ezz, *.frtrss, *.vault, *want your files back.*, confirmation.key, enc_files.txt, last_chance.txt, message.txt, recovery_file.txt, recovery_key.txt, vault.hta, vault.key, vault.txt, *.aaa, *.zzz, *.abc
