Ransomware: “Phishing” for the Enemy

September 27, 2017
Data Protection, Disaster Recovery, IT Security


It looks innocent enough. It’s an email from Joe in Accounting, even though you really don’t know Joe. Maybe it’s from your realtor, which is a bit odd since she sold you your house more than three years ago.  Or, it’s from your bank — but why would your bank be emailing you at work?

Whoever the sender is has included an attachment you are supposed to open, or a link you are supposed to click on. The sender may even have provided a compelling reason to follow through, so it shouldn’t be a problem, right? Maybe. Then again, you might be the target of a phishing scam, about to open the door to a ransomware attack.

Phishing Emails

Ransomware is often delivered via phishing emails: messages designed to trick recipients into opening a malicious attachment or visiting a malicious web site. Once they do, the ransomware infects the computer and restricts access to its data, typically by encrypting it, until a ransom is paid.

Phishing works because it employs social engineering, the psychological manipulation of people to get them to perform certain actions, such as opening an attachment or clicking a link. It doesn’t take much. People are curious by nature, which is why so many employees click on phishing emails even when the emails look suspicious.

In some cases, the emails get opened because employees are in a hurry and don’t take the time to assess whether an email is legitimate. Other times, the subject line instills fear, confusion or intrigue in the recipient. Consider how a Microsoft Word user might respond to an email whose subject line reads “Your Microsoft Word subscription has expired.”

The effectiveness of these tactics is the main reason that ransomware-carrying emails keep increasing. According to one anti-phishing services provider, the number of phishing emails hit 6.3 million in the first quarter of this year, and 93% of them carried ransomware.

While mass phishing emails are sent indiscriminately to whatever addresses the attacker has collected, another type, the spear-phishing email, is targeted and even more effective. Spear-phishing emails are designed to appear to come from a trusted source, such as a co-worker or company leader. Who is going to hesitate to open an attachment sent by the head of HR or the CEO?

Cyber-criminals also employ other tactics to increase the chance that a targeted victim opens a spear-phishing email. Among them: social media. It’s not uncommon for attackers to research the social media pages (LinkedIn, Facebook, etc.) of their targets to gather information about their interests, family, friends or job. They then use that information to craft a subject line and email body that the target is more likely to open and act on.

Education as a Security Tactic

So, who can you trust? Is every email suspect? Is it possible to keep ransomware from sneaking into a system?

There’s no single solution to warding off ransomware, but there are tactics that make a successful attack less likely. One of the most important is educating your employees on how to recognize emails that may carry ransomware. Employees are the usual targets of these attacks, so make them your first line of defense.

Impress upon employees to:

  • Never open emails from people they don’t know or don’t typically receive emails from, even if the sender appears to be someone in their own company. If in doubt, employees should call the “sender” to confirm the email is legitimate, using a phone number they already have rather than one given in the email. The same applies if the email contains an unusual request or just looks strange.
  • Assess both the sender and the subject line of every email. Unless employees have given their work email address to banks, retailers, schools or other organizations outside the workplace, emails from those places or about non-work activities shouldn’t be arriving in their inboxes.
  • Steer clear of emails filled with spelling errors and bad grammar.
  • Hover over links in emails before clicking on them to see whether they go where they appear to go. The visible text of a link is only text; the real destination is the underlying URL, and the two need not match, which makes a link very easy to disguise.
  • Not be taken in by scare tactics such as warnings that flood the screen claiming that malware has been detected or the computer has been hacked. If a system does become infected, that is not how the user would be notified.
  • Be wary of attachments, especially when they are unexpected or the employee doesn’t know the sender. (You can help here by using an email security appliance to block attachments or to limit the file types that can be delivered via email.)
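Three of the checks above (does the link text match its real destination, is the attachment a blocked file type, does the sender really come from where the display name claims) can be automated at the gateway or run by a help-desk analyst on a reported message. The script below is an added example written for this article, not code from US Signal or from any product it mentions. It uses only the Python standard library; the message it parses, and every domain, name and file name in it, are constructed for the example, and the extension block list is illustrative rather than complete.

```python
"""
Added example (not from the original post): triage a raw RFC 5322 message for
  - links whose visible text names one host while the href points elsewhere,
  - attachments with a blocked extension anywhere in a double extension
    ("Invoice.pdf.exe"),
  - a From display name embedding an address on a different domain than the
    real sender, and a Reply-To that diverts replies to yet another domain.
All names, domains and the message itself are constructed for the example.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: file types a gateway would refuse outright (illustrative only).
BLOCKED_EXTENSIONS = {"exe", "scr", "js", "jse", "vbs", "wsf", "hta", "lnk", "iso", "docm", "xlsm"}

# Constructed phishing-style message for the example (not a real capture).
RAW_MESSAGE = b"""\
From: "Pat Lee, HR <hr@example.com>" <pat.lee@mail-hr-notices.net>
Reply-To: renewals@hr-notices-reply.net
To: employee@example.com
Subject: Your Microsoft Word subscription has expired
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Renew now at <a href="http://office365-renew.mail-hr-notices.net/login">https://www.microsoft.com/renew</a>
or open the attached invoice.</p>
--b1
Content-Type: application/octet-stream; name="Invoice_2017-09.pdf.exe"
Content-Disposition: attachment; filename="Invoice_2017-09.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAA==
--b1--
"""


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url):
    """Lowercase hostname of a URL or bare domain, with a leading 'www.' dropped."""
    if "://" not in url:
        url = "http://" + url
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def find_mismatched_links(html):
    """Return hrefs whose visible text looks like a URL/domain for a different host."""
    collector = _LinkCollector()
    collector.feed(html)
    mismatches = []
    for href, text in collector.links:
        if not href or not re.search(r"\w+\.\w+", text):  # text such as "Click here" is skipped
            continue
        text_host = _host(text)
        if text_host and text_host != _host(href):
            mismatches.append(href)
    return mismatches


def find_blocked_attachments(msg):
    """Return attachment names with a blocked extension anywhere after the first dot."""
    flagged = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if {ext.lower() for ext in name.split(".")[1:]} & BLOCKED_EXTENSIONS:
            flagged.append(name)
    return flagged


def sender_red_flags(msg):
    """Flag an address hidden in the display name and a Reply-To on another domain."""
    name, addr = parseaddr(str(msg.get("From", "")))
    from_domain = addr.rpartition("@")[2].lower()
    flags = []
    embedded = re.search(r"[\w.+-]+@([\w.-]+)", name)  # e.g. 'HR <hr@example.com>' as a display name
    if embedded and embedded.group(1).lower() != from_domain:
        flags.append("display name shows %s but mail is from %s" % (embedded.group(0), addr))
    _, reply = parseaddr(str(msg.get("Reply-To", "")))
    if reply and reply.rpartition("@")[2].lower() != from_domain:
        flags.append("replies diverted to %s" % reply)
    return flags


def triage(raw):
    """Parse a raw message and return the findings of all three checks."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body is not None else ""
    return {
        "mismatched_links": find_mismatched_links(html),
        "blocked_attachments": find_blocked_attachments(msg),
        "sender_flags": sender_red_flags(msg),
    }


if __name__ == "__main__":
    for check, findings in triage(RAW_MESSAGE).items():
        print(check, findings)
```

On the sample message every check fires: the link text claims microsoft.com while the href goes to the attacker's host, the attachment hides .exe behind .pdf, and the display name carries an @example.com address while the mail actually comes from (and replies go to) unrelated domains. Each of these is exactly what the hover-and-check and "assess the sender" habits above ask a person to notice; automating them means the obvious cases never reach the inbox, and the education effort can focus on the messages that pass.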

Your Next Move

Educating employees is important in combating ransomware, but it is only one part of what should be a multi-layered security approach. US Signal’s solution architects and security experts can help you craft a well-rounded data protection strategy to keep ransomware out and to keep your data safe should ransomware find a way in. For more information, call 866.2.SIGNAL or email [email protected].


You can also take advantage of this free eBook from US Signal, “Enemy at the Gate: A Guide to Keeping Ransomware Out.”