For obvious reasons, many businesses and governments choose not to broadcast ransomware attacks. However, it’s hard to ignore that they have been steadily increasing throughout the years. Reports show that 68% of organizations worldwide faced such attacks in 2021, with more than half originating from phishing emails. You’ve probably heard of the big ones, like Colonial Pipeline and Acer.
Reasons Ransomware Attackers Love Email
Despite there being multiple channels to deliver this threat, like RMM software, many hackers opt for email. A phishing email is the simplest mode of delivery and, unlike a remote attack, doesn’t require much skill to execute.
Phishing Emails: Simple to Set Up
Creating a phishing email doesn’t take much skill. All a hacker has to do is make an email look like it came from a particular company. This means applying brand images and logos. Spoofing the display name for the email address isn’t difficult, either.
If hackers don’t have time to waste on creating a fake email, they can even purchase phishing kits online. These come with all the necessary components for a successful phishing attempt. Some even go as far as identifying targets, creating the email, and gathering the data. There are also free tools that assist with bypassing email filters.
Ransomware Kits: Inexpensive and Ready to Go
Ransomware kits are readily available online, and you can get one for around $500. They ease threat deployment and are available as ransomware-as-a-service (RaaS). These kits offer everything one needs, including real-time reporting tools. What’s interesting about the RaaS payment model is that the hacker pays a portion of the ransom to the software developer.
Although RaaS operators come and go, some famous kits include Locky, Goliath, Shark, Stapado, and Encryptor. Ryuk ransomware is the RaaS responsible for an attack on the City of New Orleans. What was the method of delivery? You guessed it: Email!
Social Engineering: The Perfect Weapon
Social networking platforms like LinkedIn and Facebook are excellent sources of information for hackers. Those places reveal an employee’s new position and give the attackers an idea of how to write the perfect phishing email. The more people share about themselves on social media, the higher their chances of becoming victims of phishing attempts.
CEOs and CISOs can identify phishing emails, but a new employee might not have received the proper training to do so. Therefore, a new staff member is a likelier target. They might click on a link from an email mentioning an unpaid Microsoft 365 subscription or credit card bill and get caught in the trap.
Emails and Shared Files: Cozy Hiding Spots
Email filters usually don’t scan attachments, making them the perfect hiding places for phishing links. Many hole up in fake invoices. Once a victim clicks on a malicious link in the document, malware finds itself on the computer. Some don’t even require a link to be clicked; in these cases, the moment the attachment opens, the download begins.
Alternatively, ransomware attacks launch through spoofed file-sharing notifications. These contain links to the malicious files, which work in a drive-by method. Employees who constantly work on SharePoint or OneDrive need training on identifying such emails.
Multiphase Attacks: More Damage
Sometimes, an email is just the start of the attack. Therefore, merely training staff on identifying spoofed email addresses is not enough to avoid ransomware attacks. A hacker might attempt something called spear phishing, targeting specific executives to gain access to company credentials.
A hacker might slowly gather information, seeking multiple ways to bring the company down. Such attackers send internal emails and pose as colleagues. Sometimes, they siphon off small incremental amounts using fake invoices. In other cases, they look for weak points and work their way up to ransomware or other attacks.
Preventing Ransomware
Since most ransomware attacks begin with phishing, make it a point to train your employees to identify risky links and attachments. With enough drilling, they’ll understand how important it is to always be on the lookout.
Another obvious prevention method is by implementing a proxy to protect devices connected to the company network. Proxies increase security, blocking access to malicious sites. In addition, you can set them up to block all other proxies except the ones approved for traffic. Click to visit one of the most trustworthy providers in the business. If you’re looking for other choices, bestproxyfinder does a fantastic job of comparing the best in the field.
latestdigitals & technnology news site