The Ransomware Phishing Expedition
It looks innocent enough. It’s an email from Dave in Accounting, even though you really don’t know Dave. There’s also one from your real estate professional, which is a bit odd since she sold you your house more than three years ago. And what’s this email from your bank about an overdrawn account — and why is your bank emailing you at work?
The emails in question include attachments you’re supposed to open or links you’re supposed to click on. The senders may even have made a compelling case for following through, so it shouldn’t be a problem, right? Maybe. Then again, you might be the target of a phishing scam, about to open the door to a ransomware attack.
Ransomware is often delivered via phishing emails — emails designed to trick recipients into clicking on a malicious attachment or visiting a malicious website. Once they do, the ransomware infects a computer, restricting access to its data until a ransom is paid.
Phishing works because it employs social engineering, the psychological manipulation of people to get them to perform certain actions — like opening an email. It doesn’t take much. People are curious by nature, which is why so many employees click on phishing emails even when they look suspicious.
In some cases, the emails get opened because employees are in a hurry and don’t take the time to assess whether an email is legitimate. Other times, the subject line instills fear or confusion, or simply intrigues the recipient. Consider how a Microsoft Word user might respond to an email whose subject line reads: “Your Microsoft Word subscription has expired.”
The effectiveness of these tactics is the primary reason that ransomware-carrying emails are increasing. According to the FBI, phishing was the most common type of cybercrime in 2020, and phishing incidents nearly doubled in frequency, from 114,702 incidents in 2019 to 241,324 incidents in 2020. Verizon’s 2021 Data Breach Investigations Report (DBIR) reported similar trends, noting that phishing was the top “action variety” seen in breaches in the last year; 43% of breaches involved phishing and/or pretexting.
While many of these communications are sent to random email accounts, another type, the spear-phishing email, is more targeted and even more effective. Spear-phishing emails are designed to appear to come from a trusted source, such as a co-worker or company leader. Who is going to hesitate to open an email attachment sent by the head of HR or the CEO?
Cyber-criminals also employ other sneaky tactics to increase the chance that the targeted victim will open a spear-phishing email. Among them: social media. It’s not uncommon for attackers to research their targets’ social media pages (LinkedIn, Facebook, etc.) to gather information about interests, family, friends or job. They then use that information to craft a subject line and email content that make the target more likely to open the email.
Education as a Security Tactic
So, who can you trust? Is every email suspect? Is it possible to keep ransomware from sneaking into a system?
There’s no single solution to warding off ransomware, but there are tactics that can help make ransomware attacks less probable. One of the most important is educating your employees on how to detect emails that may contain ransomware. Employees are often the targets of ransomware attacks, so make them your first line of defense.
Impress upon employees to:
- Never open emails from people they don’t know or who they typically don’t receive emails from — even if it’s someone in their own company. If in doubt, employees should call the "sender" to confirm the email’s legitimacy. The same applies if the email contains an unusual request or just appears strange.
- Assess both the sender and the subject line of all emails. Unless employees have provided their work email to banks, retailers, schools, organizations or others outside the workplace, emails from those places or concerning non-work-related activities shouldn’t be arriving in their inboxes.
- Steer clear of emails that are filled with spelling errors and bad grammar.
- Hover over links in emails before clicking on them to see whether they go where they are expected to go. It's very easy to hide or spoof a link, and the URL shown in the link text isn’t necessarily the page the link actually opens.
- Not be taken in by scare tactics such as warnings that flood the user’s screen claiming that malware has been detected or the computer has been hacked. If a system does become infected, that’s not how the user would be notified.
- Be wary of attachments, especially if they are not expected or the employee doesn’t know the sender. (You can help with this by using an email security appliance to block attachments or to limit the types of file extensions that can be delivered via email.)
- Take all IT security training seriously. Many companies require their employees to undergo frequent training on various subjects. Some employees approach these educational endeavors as “let’s just get this out of the way” type tasks rather than taking the time to absorb the messaging and its importance. You can help by reinforcing all security training with frequent, consistent messaging and reminders, as well as “blind tests” in which you send fake phishing emails to test employees’ responses.
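Two of the checks above, link text versus real destination and unexpected attachment types, can also be automated on the mail gateway. The following is an added example, not code from the original article or from US Signal; the domain names, the sample message and the extension list are all constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse
# Extensions a mail gateway might block outright; constructed list for this example.
RISKY_EXTENSIONS = {".exe", ".js", ".vbs", ".scr", ".hta", ".docm", ".xlsm"}
HOST_RE = re.compile(r"^[a-z0-9.-]+\.[a-z]{2,}$")  # what "looks like a domain name"
class AnchorCollector(HTMLParser):  # gathers (href, visible text) pairs from an HTML body
    def __init__(self):
        super().__init__()
        self.anchors, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None
def link_host(value):
    """Hostname of a URL or bare domain ('www.' dropped); '' if value is not URL-like."""
    value = value if "://" in value else "http://" + value.strip()
    host = (urlparse(value).hostname or "").lower()
    host = host[4:] if host.startswith("www.") else host
    return host if HOST_RE.match(host) else ""
def find_phishing_indicators(raw_message):
    """Findings for one RFC 5322 message: display/href host mismatches and risky attachments."""
    msg = message_from_string(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector = AnchorCollector()
            collector.feed(part.get_content())
            for href, text in collector.anchors:
                shown, real = link_host(text), link_host(href)
                if shown and real and shown != real:  # text says one site, link goes to another
                    findings.append(f"link shows {shown} but goes to {real}")
        name = part.get_filename()
        if name and any(name.lower().endswith(ext) for ext in RISKY_EXTENSIONS):
            findings.append(f"risky attachment: {name}")
    return findings

def sample_message():  # constructed "bank" notice: link text and href disagree, plus a .js attachment
    m = EmailMessage()
    m.set_content('<p>Review at <a href="http://login.evil-domain.test/acct">www.example-bank.test</a></p>', subtype="html")
    m.add_attachment(b"x", maintype="application", subtype="javascript", filename="statement.js")
    return m.as_string()
```

Link text that is not URL-like ("Click here") is ignored, so only a visible domain that disagrees with the real one is reported.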
Must-have Phishing Defenses
Beyond employee education, there are numerous security protocols and technologies that should be implemented to help combat phishing attempts. Among them:
- Implement and reinforce a security policy that includes but isn't limited to password expiration and complexity.
- Use a managed firewall service that protects your private network from both external and internal cyber threats by leveraging detection and prevention mechanisms.
- Keep all systems current with the latest security patches and updates.
- Take advantage of website and application security solutions to protect against a wide range of internet-based threats, including volumetric, distributed, and multi-vector DDoS attacks, SQL Injection attacks, and content scraping.
- Install an antivirus solution, schedule signature updates, and monitor the antivirus status on all equipment.
- Use a spam filter that detects viruses, blank senders, etc.
- Deploy a web filter to block malicious websites.
- Encrypt all sensitive company information.
- Convert HTML email into text-only email messages or disable HTML email messages.
- Require encryption for employees who are telecommuting.
- Undergo a vulnerability management or IT security assessment to identify potential security issues and fix them before they become problems.
Your Next Move
Combatting phishing schemes requires a multi-layered security approach. US Signal’s solution architects and security experts can help you craft a well-rounded data protection strategy to help keep ransomware out and keep your data safe should ransomware find a way in. For more information, call 866.2.SIGNAL or email [email protected].