File Content Heuristic Engine
Ransomware is a type of malware that encrypts files and removes the originals in an attempt to force an enterprise to pay for the key. If a FileCloud client computer were compromised by ransomware, the encrypted files would be synchronized to the FileCloud server. Each encrypted file would then be versioned, backed up, and synced to other clients. Recovery, while possible due to versioning (older files will still be present), is time-consuming and cumbersome. It also requires server downtime.
With v13, FileCloud has a built-in Heuristic Engine that can detect file types based on their content signature. If the detected file type does not match its MIME type, then a variety of actions can be set up.
The File Content Heuristic Engine is a part of FileCloud's Workflow Facility.
To scan every file that is uploaded into FileCloud, set up a new workflow with the following condition:
Select the "If a file is created" condition
Set the parameter to scan "/", indicating that all files need to be scanned. If you have uploads restricted to a specific folder (like /EXTERNAL/docs/uploads), then that folder can be set instead
For this condition, there are two possible actions.
Verify file integrity and generate admin alert on mismatch: This action will detect the mismatch and add an entry to the "Alerts" section of the Admin portal
Verify file integrity and delete on mismatch: This action will detect the mismatch and delete the file from the FileCloud system. An audit entry will be added to indicate that the file has been deleted by the workflow
In both cases, a pop-up in the user interface notifies the user that the content and file type extension do not match.
Set the parameter in the workflow to ignore the file if it exceeds a certain size. In the following example, it is set up to ignore the file if its size exceeds 10 MB.
Assign a name for the Workflow
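The check this workflow performs can be pictured with the following added example, which is not FileCloud's code: it compares a file's leading bytes against the signature expected for its extension, honours a watched folder and a size limit, and maps a mismatch to one of the two actions above. The signature table, function names, verdict strings and sample files are all constructed assumptions.

```python
import posixpath

# Constructed signature table (assumption): extension -> accepted leading bytes.
SIGNATURES = {
    ".pdf": (b"%PDF-",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".jpg": (b"\xff\xd8\xff",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".docx": (b"PK\x03\x04",),  # OOXML files are ZIP containers
    ".zip": (b"PK\x03\x04", b"PK\x05\x06"),
}
TEN_MB = 10 * 1024 * 1024  # size limit used in the workflow example above


def verify_file(path, data, scan_root="/", max_size=TEN_MB):
    """Return 'out_of_scope', 'skipped', 'unknown', 'match' or 'mismatch'."""
    path = posixpath.normpath(path)  # collapse "../" before the folder check
    root = scan_root.rstrip("/") + "/"
    if not path.startswith(root):
        return "out_of_scope"  # file is outside the watched folder
    if len(data) > max_size:
        return "skipped"  # too large, ignored by the workflow
    ext = posixpath.splitext(path)[1].lower()
    magics = SIGNATURES.get(ext)
    if magics is None:
        return "unknown"  # no signature on record for this extension
    return "match" if data.startswith(magics) else "mismatch"


def run_workflow(path, data, action="alert", **kw):
    """Map a verdict to the two workflow actions (hypothetical action names)."""
    verdict = verify_file(path, data, **kw)
    if verdict != "mismatch":
        return verdict, None
    return verdict, ("delete_file_and_audit" if action == "delete" else "admin_alert")


if __name__ == "__main__":
    # Constructed samples: a real PDF header, and opaque bytes under a .pdf name
    # (what an encrypted-in-place document looks like to a signature check).
    samples = [
        ("/EXTERNAL/docs/uploads/report.pdf", b"%PDF-1.7\n..."),
        ("/EXTERNAL/docs/uploads/invoice.pdf", bytes.fromhex("9f3c07e1aa5d42b8")),
    ]
    for p, d in samples:
        print(p, run_workflow(p, d, action="delete", scan_root="/EXTERNAL/docs/uploads"))
```

In this sketch a file whose extension has no signature on record returns "unknown" and triggers no action, so a table like this only catches content that was changed while the original extension was kept.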