How does phishing lead to ransomware attacks?

James Dyer | 1st Jun 2023

Cybercrime continues to rise — the 2022 Internet Crime Report produced by the FBI's Internet Crime Complaint Center (IC3) revealed that the number of complaints it receives annually has more than doubled since 2018. The potential loss from cybercrime has also grown significantly – between 2021 and 2022, it rose from $6.9bn to $10.2bn.

IBM’s 2021 Cyber Resilient Organization Study revealed that 61% of organizations that had suffered a ransomware attack in the previous two years paid the ransom. Because the payoff is so reliable, these attacks are growing in popularity among novice cybercriminals with limited technical skills who want to make money quickly, and phishing is their delivery mechanism of choice: it requires little technical knowledge and little experience.

Even if you pay the ransom, it doesn’t mean your data is safe or that your organization will be left alone. Paying out once can make your organization a more appealing future target, because criminals now know you are willing to pay. Threat actors also routinely exfiltrate data before encrypting it, so they can extort you a second time by threatening to leak it (double extortion) or a third time by adding further pressure, such as contacting your customers and partners (triple extortion). Gangs frequently hit the same targets more than once.

Avoiding large ransom sums, regulatory fines, loss of reputation, and even legal action involves looking at how ransomware is delivered.

Ransomware is predominantly delivered by phishing

Ransomware attacks, in particular, continue to become more sophisticated and more disruptive. In 2022, phishing was the most popular method cybercriminals used to deliver ransomware, followed by Remote Desktop Protocol (RDP) compromise and exploitation of software vulnerabilities. When a cybercriminal strikes successfully, your options are limited to paying the ransom in exchange for decryption keys or rebuilding your systems from previous backups (assuming those backups were kept offline or immutable and were not encrypted or deleted along with everything else).

The study also found that 45% of ransomware attacks started with a phishing email. Taking advantage of human error by sending a phishing email is much easier than breaking into an IT system directly: it relies less on the criminal's technical skill and more on successfully tricking an employee into completing an action.

Ease of buying phishing kits and ransomware online

Even unskilled cybercriminals can acquire the tools to execute a ransomware attack. Phishing kits bundle ready-made email templates and landing pages for the lure, and the ransomware itself is sold or rented alongside them (commonly as ransomware-as-a-service), so a criminal can assemble a complete campaign against a business without writing any code.

In the past, phishing kits were typically only sold on dark web forums. They are now increasingly traded in closed Telegram channels. Note that Telegram channels and groups are not end-to-end encrypted (only its one-to-one "secret chats" are); what attracts cybercriminals is the low barrier to entry and the perceived anonymity of an invite-only channel.

Consequently, many threat actors can target businesses, regardless of whether they have the specific technical skills needed to develop the ransomware or phishing campaign on their own.

Killing the kill chain, stop phishing to stop ransomware

When cybercriminals manage to get a phishing email past an organization's security measures, they rely on human error to make the attack succeed. The defense is therefore twofold: deploy software that effectively identifies malicious emails before they reach the inbox, and improve user education so that the few that get through are recognized.

Here are some ways to stop ransomware attacks by killing the kill chain at delivery:

Integrated cloud email security (ICES) solutions

ICES solutions like Egress Defend use machine learning and natural language processing to stop threat actors from breaching your organization’s defenses. Advanced anti-phishing solutions take a zero-trust approach and examine the technical data (headers and authentication results), context, and message content of every email for signs of phishing, rather than trusting a message because it passed a perimeter filter.
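To make "technical data, context, and message content" concrete, the following is an added example of a rule-based pre-delivery triage check of the kind an email gateway runs. It is illustrative code written for this article, not Egress Defend's detection logic or any other product's; the trusted domains, the lure vocabulary, the risky extensions, the equal weighting of signals, the verdict thresholds and both sample messages are assumptions constructed for the demonstration.

```python
# Added example for this article: minimal rule-based phishing triage before delivery.
# Illustrative code, not Egress Defend's or any other product's logic; all constants,
# thresholds and the two sample messages below are constructed assumptions.
import re
from email import message_from_bytes, policy
from email.utils import parseaddr

TRUSTED_DOMAINS = ("example.com", "microsoft.com")  # assumed: own domain plus one expected brand
RISKY_EXTENSIONS = (".exe", ".js", ".vbs", ".hta", ".iso", ".lnk", ".scr", ".docm", ".xlsm")
URGENCY = re.compile(r"\b(urgent|immediately|suspended|overdue|final notice|verify your account)\b", re.I)
AUTH_FAIL = re.compile(r"\b(spf|dkim|dmarc)=(fail|softfail|none|permerror)\b")


def looks_like(candidate: str, trusted: str) -> bool:
    """Crude lookalike test: common homoglyph swaps, or one inserted/deleted character."""
    if candidate == trusted:
        return False
    norm = candidate.replace("rn", "m").replace("vv", "w").replace("0", "o").replace("1", "l")
    if norm == trusted:
        return True
    if abs(len(candidate) - len(trusted)) == 1:
        longer, shorter = sorted((candidate, trusted), key=len, reverse=True)
        return any(longer[:i] + longer[i + 1:] == shorter for i in range(len(longer)))
    return False


def triage(raw: bytes) -> dict:
    """Score one raw RFC 5322 message; returns score, human-readable reasons and a verdict."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []

    # 1. Technical data: SPF/DKIM/DMARC results stamped by the receiving MTA (assumed trustworthy).
    auth = str(msg.get("Authentication-Results", "")).lower()
    reasons += [f"{m.group(1)}={m.group(2)}" for m in AUTH_FAIL.finditer(auth)]

    # 2. Display name borrows a trusted brand, or the sender domain is a lookalike of one.
    display, address = parseaddr(str(msg.get("From", "")))
    from_domain = address.rpartition("@")[2].lower()
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if from_domain != trusted and brand in display.lower():
            reasons.append(f"display name claims {brand} but sender domain is {from_domain}")
        if looks_like(from_domain, trusted):
            reasons.append(f"sender domain {from_domain} looks like {trusted}")

    # 3. Context: Reply-To steering replies to a different domain than the visible sender.
    _, reply = parseaddr(str(msg.get("Reply-To", "")))
    reply_domain = reply.rpartition("@")[2].lower()
    if reply_domain and reply_domain != from_domain:
        reasons.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")

    # 4. Content: lure language in the subject or the text body.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = str(msg.get("Subject", "")) + " " + (body.get_content() if body else "")
    hits = sorted({m.group(0).lower() for m in URGENCY.finditer(text)})
    if hits:
        reasons.append("urgency language: " + ", ".join(hits))

    # 5. Attachments with executable or macro-bearing extensions, double extensions included.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            reasons.append(f"risky attachment {name}")

    # Each signal counts once; a real gateway would weight and tune these thresholds.
    score = len(reasons)
    verdict = "quarantine" if score >= 3 else "warn" if score else "deliver"
    return {"score": score, "reasons": reasons, "verdict": verdict}


# Constructed sample: brand spoof that fails authentication and carries a dropper.
PHISH = b"""\
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=rnicrosoft.com; dkim=none; dmarc=fail
From: "Microsoft Support" <alerts@rnicrosoft.com>
Reply-To: helpdesk@mail-recovery.net
To: finance@example.com
Subject: URGENT: your account will be suspended
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Your mailbox is overdue for verification. Open the attached invoice immediately.
--b1
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
--b1--
"""

# Constructed sample: an ordinary internal message that authenticates cleanly.
BENIGN = b"""\
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass; dmarc=pass
From: "Pat Lee" <pat.lee@example.com>
To: finance@example.com
Subject: Q3 budget review notes
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

Hi all, notes from today's meeting are in the shared drive. Thanks, Pat
"""

if __name__ == "__main__":
    for label, raw in (("constructed phish", PHISH), ("constructed benign", BENIGN)):
        result = triage(raw)
        print(f"{label}: {result['verdict']} (score {result['score']}); reasons: {result['reasons']}")
```

The "warn" verdict is where a banner explaining the reasons would be injected before delivery, while "quarantine" holds the message back entirely. The lookalike check is deliberately crude (a handful of homoglyph swaps and an edit distance of one); production systems use far richer models, but the structure, independent signals from headers, context and content combined into a verdict, is the same idea the paragraph above describes.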

Real-time teachable moments

Because phishing emails prey on human nature to get ransomware onto a system, your employees are your biggest security risk. However, no amount of employee training can eliminate human error, so it's critical to use technology as a backstop.

With the right technology-led approach, you can empower your employees to spot malicious emails and understand why they’re malicious. Egress Defend facilitates real-time teachable moments by explaining, through dynamic banners on the message itself, why an email was deemed risky.

Avoid the cost of a ransomware attack

With global ransomware damage predicted to top $265bn a year by 2031, bolstering your email defenses is crucial. Phishing emails are the primary delivery system for malware, so you must have the right technology in place to stop them before they reach the inbox. Combining anti-phishing software with robust employee security training will help you avoid falling victim to cybercrime and ransomware attacks.

Concerned about ransomware? Learn how to stop it from being delivered to your organization by email.