Nextcloud is one of the finest on-premises cloud servers you can deploy. It’s powerful, flexible, open source, and free. But as with anything tech, everything can come to a screeching halt when a user uploads (or downloads) a piece of ransomware. The developers of Nextcloud are quite aware of this and have created a new app to help fight the growing onslaught of ransomware.
Said app is the Nextcloud Ransomware protection app. Although the app is in the (somewhat) early stages of development, it is available for installation and use. How does it work? According to a Nextcloud report:
“…files would be examined and a Shannon entropy measure would determine whether the file is likely to be encrypted. Their implementation is clever in separating compressed data from encrypted files. Other important metrics include the number of files uploaded over a short time period, or if lots of files with unknown extensions show up. The app closely looks at sync steps and tries to identify when a large number of files is being changed in a suspicious way.”
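To make the signals in that description concrete, here is a simplified sketch of entropy scoring combined with an extension check and an upload-burst window. It is an added example, not the Nextcloud app's code; the thresholds, the extension allowlist, the function names, and the sample uploads are all assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

KNOWN_EXTENSIONS = {".txt", ".docx", ".jpg", ".zip", ".pdf"}  # assumed allowlist
ENTROPY_THRESHOLD = 7.5   # bits per byte; assumed cut-off
WINDOW_SECONDS = 60       # assumed burst window
BURST_LIMIT = 3           # assumed number of suspicious uploads tolerated per window

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def is_suspicious(name: str, data: bytes) -> bool:
    """High entropy AND an unknown extension; known archive types stay allowed."""
    ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return shannon_entropy(data) >= ENTROPY_THRESHOLD and ext not in KNOWN_EXTENSIONS

def burst_detected(uploads) -> bool:
    """True if more than BURST_LIMIT suspicious uploads fall inside one window."""
    times = sorted(t for t, name, data in uploads if is_suspicious(name, data))
    start = 0
    for end, t in enumerate(times):
        while t - times[start] > WINDOW_SECONDS:
            start += 1  # slide the window forward
        if end - start + 1 > BURST_LIMIT:
            return True
    return False

def keystream(seed: bytes, size: int) -> bytes:
    """Constructed stand-in for ciphertext: SHA-256 in counter mode."""
    out = b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest()
                   for i in range(size // 32 + 1))
    return out[:size]

# Constructed sample uploads: (unix_time, filename, content)
TEXT = b"Quarterly report: revenue was flat, costs rose slightly. " * 200
NORMAL = [(0, "report.txt", TEXT), (5, "backup.zip", keystream(b"z", 8192))]
ATTACK = [(100 + i * 2, f"doc{i}.locked", keystream(bytes([i]), 8192))
          for i in range(6)]

if __name__ == "__main__":
    print("normal sync flagged:", burst_detected(NORMAL))
    print("mass rewrite flagged:", burst_detected(ATTACK))
```

The `backup.zip` entry shows why entropy alone is not enough: its content scores as high as the `.locked` files, so a second signal is needed to avoid blocking legitimate archives.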
The new app includes an easy-to-use interface that serves as a guide for data recovery. Let’s install the app and see how it works.
What you’ll need
Obviously, you’ll need a working instance of Nextcloud. You’ll also need to be able to log into Nextcloud as an administrative user. Other than that, you need nothing more.
Log into your Nextcloud instance as the admin user. Once authenticated, click on the profile dropdown (upper-right corner) and select Apps. In the left navigation, click Security. In the resulting page, locate the Ransomware entry (Figure A).
Click the Enable button associated with the Ransomware protection app. Once the installation completes, the app will be enabled and working. You can configure the app by clicking on Security in the left sidebar. In the resulting window (Figure B), you can enable/disable and configure the inclusion/exclusion of extension patterns and note file patterns. At the moment, that’s all there is to the configuration options.
What happens next?
When a user attempts to upload a file, the Ransomware app will test the file. Should the file test positive for ransomware, it will be blocked from being uploaded. The user is then offered the possibility of pausing protection (if they know the file is safe) or getting help.
It’s not perfect, but it’s a start
One of the issues facing apps like this is that some ransomware creators use random filenames or generic terms for instruction files, so detection can be a challenge. But this is certainly a start for Nextcloud. Considering how actively Nextcloud is developed, I would imagine this type of protection is only going to get better, and fast. I highly recommend that every Nextcloud admin add this app to their installation. Even with the challenge developers face in protecting their apps against ransomware, any help given to end users is a step forward.