Ransomware has evolved from targeting individuals to extorting large sums of money from businesses with the threat of releasing or destroying their private company data. This type of email-based attack can cause tremendous financial losses as well as reputation damage that’s difficult and expensive to repair.

Read our ransomware white paper now for insights from Agari Chief Scientist Markus Jakobsson about:

  • The fundamentals of ransomware attacks.
  • Ransomware delivery techniques and examples.
  • Countermeasures you can take to prevent these attacks from reaching your organization and employees.

Thumbs Up or Down?

Is the example email above legitimate or not? That may be very difficult for a typical user to determine. The sender is “prospectus_mbox@investordelivery.com”; the greeting is suspiciously anonymous with “Dear Valued Customer”; and the URLs are related to “newriver.com” instead of E*TRADE. If we were to rely purely on the well-meaning advice given by organizations like the FBI, we would surely conclude that this is a bad email – but in reality, this email is actually legitimate.

It is therefore no surprise that people are frustrated by internet security. Given how users are “trained” by authoritative bodies and service providers to accept emails such as these, it is also not surprising how successful malware distributors are. Clearly, relying on the end user for security is largely pointless.

The inability to secure email is the number one cybersecurity threat facing businesses, governments, and individuals today.

Tricks to Track Down

Alongside email attacks, some Trojans masquerade as security patches, and some use deceptive names to increase installation rates. For example, consider this hypothetical case in which a user performs an action that leads to being asked whether she wishes to install a piece of software. The software is deceptively named “Vital security patch.exe”. In addition, the malware author chooses a deceptive publisher name — ‘Run_ immediately.click’ — in the hopes that the recipient mistakes this for an instruction.

A Common Series of Events

It is clearly helpful to recognize that most ransomware attacks are indeed just email-delivered Trojans that follow a typical flow of events. To summarize, the chain usually looks like this:

  • A user receives an email commonly appearing to be from somebody they know, or a company they have a relationship with. It might be that the sender has just set a deceptive display name; it might be that he spoofed a trusted sender, or it might be that he sent the email from an account that has been taken over by an attacker. Other emails simply focus on making the email content sufficiently convincing or intriguing.
  • The email contains a hyperlink or an attachment. If the user clicks on the link/attachment, this will initiate an installation of malware. The user may have to agree to the installation.
  • The malware will run. Ransomware will typically encrypt the hard drive of the victim computer, then issue a ransom note.
  • After the attacker has received the requested money (commonly using Bitcoin, since that does not make tracking feasible), the decryption key is released.

Unforeseen Consequences

Contrary to popular belief, the losses due to ransomware attacks are not limited to the ransom paid. The theft of data can have a significant impact on victims, whether individuals, organizations or governments – ranging from personal anxiety and PR disasters to unwanted exposure to competitors and hostile nation states. Loss of data can eat away at the fabric of trust, and the fear of potentially becoming victimized can limit productivity by forcing the use of onerous protective procedures.

It is increasingly becoming clear to organizations that the greater risk relates to having your data destroyed or private company information shared, as opposed to having to pay a $17,000 ransom. Moreover, even if a victim pays the ransom, there is no guarantee the stolen data will not get published or used against them.


Close button
Mail Letter

Would you like the confidence to trust your inbox?