TitanHQ Blog
Reducing Risk of Phishing and Ransomware in the Enterprise
Posted by Trevagh Stankard on Thu, Jun 17th, 2021
The introduction of work-at-home employees and the global pandemic lockdowns shifted technology focus to cybersecurity as attackers developed more sophisticated ways to compromise business systems. A Global Risks Report indicated that 2021 will focus on better cybersecurity strategies to detect and stop phishing and ransomware. These two attack methods are increasingly common and effective ways for threat actors to steal data or extort millions of dollars from target businesses.
The Current Threat Landscape
The three main target issues for cybersecurity in 2021 according to Osterman Research are:
- Protection of endpoints (e.g., user devices or connected computers)
- Educating users about ransomware and protecting them from being victims
- Protecting backups from ransomware
As you can see, two of the three focus areas concern ransomware. Ransomware continues to maintain its position as one of the most damaging threats in today’s cybersecurity landscape. The malware encrypts data with a cryptographically secure cipher, so it’s technically impossible for the targeted victim to reverse the encryption on their own. The only way to recover from a ransomware attack is to use backups to restore data or pay the ransom. For obvious reasons, most businesses would rather use backups to recover.
Because backups are a recovery solution for victims, the third concern must be a priority for organizations in case an attack against them succeeds. Ransomware authors program their malware to scan the network for backups, which reduces the chance of recovery for targeted victims. Without backups, the targeted victim is forced to pay the ransom, which is the primary goal for the threat actor.
If a business does not pay the ransom, the final strategy for the attacker is to threaten disclosure of the organization’s private data. The threat actor will often threaten to disclose the data breach to the public, which could lead to brand reputation damage and potentially additional lawsuits and compliance penalties.
Should the business fail to recover from backups, it can sometimes negotiate with the ransomware owner. In current attacks, the ransomware owner includes a digital contact number (e.g., WhatsApp or Telegram) for victims to use should they have any questions. For example, the Broward County School District was able to negotiate with ransomware authors to lower the payment from $40 million to $10 million.
Phishing and Ransomware Work Together in a Compromise
To get the ransomware on a targeted system, the attacker needs a vector. In many cases, the start of the ransomware compromise is an email. The email message could contain a link to a malicious website, or the threat actor could attach a document with a macro that downloads the malware to the local device. Most email systems block executable files, but attackers might still use a malicious executable file or script to install the ransomware.
Users should be trained to identify suspicious emails, but human error is a primary issue in cybersecurity. Attackers only need one user to fall for a phishing email to successfully install ransomware, so it’s an effective strategy. Because it only takes one successful phishing email, an attacker might send hundreds to specific users within the organization.
Email Cybersecurity is a Primary Defense
Cybersecurity training is often the first defense against ransomware and phishing, but it still leaves the organization open to human error. The only way to stop human error is to stop malicious messages from reaching the recipient’s inbox. Email cybersecurity that detects and filters out suspicious messages is the primary defense against ransomware and other attacks that start with a phishing campaign.
Ransomware is damaging to any organization, but phishing is also used to deliver other malware. It’s also used to steal user credentials for personal accounts or business network access. Email cybersecurity detects all these malicious messages and quarantines them before they can reach the user’s inbox.
When cybersecurity defenses quarantine an email, administrators can review it. Because messages are held for review instead of simply being deleted, administrators can check them for false positives and release any that should rightfully be sent to the recipient. Without quarantine, users could lose important messages that contain critical attachments. Administrators can also determine if a targeted phishing campaign is ongoing so that they can further train and educate users to be more alert in case of false negatives.
As ransomware continues to grow in popularity, email cybersecurity is more important than ever. Backups are still necessary, but email cybersecurity is your first defense against these attacks. Blocking malicious messages saves money, time, and potential issues from a successful ransomware attack and serves as a strategy to protect the business from human error.
On June 30th, TitanHQ hosted a webinar with Osterman Research on How To Reduce the Risk of Phishing and Ransomware. Watch this webinar back and discover the findings of this brand-new study from Osterman Research. This research was conducted among 130 security professionals and looks specifically at the rising threats of phishing and ransomware, and how the risks of both can be reduced. Watch the webinar on demand.