How does phishing lead to ransomware attacks?

Published on 18th Nov 2021

Ransomware is malware that can lock a business's entire network and encrypt sensitive information. Attackers can then demand a ransom to hand over the decryption key and return access. They may also threaten to release encrypted data to the public, breaking all sorts of regulations and severely harming the business's reputation. Ninety percent of these attacks are delivered via phishing emails, which is why it's so important to take your email security seriously.

Why ransomware is such a danger 

Ransomware is becoming more sophisticated than ever, even to the point where backups alone won't be enough to keep you safe. An employee accidentally clicking a phishing link can cause this software to sneak into your computer network and quietly harvest data until it's ready to encrypt your device and make its demands.

The key with ransomware is prevention, as once it has struck your options are limited to paying the ransom in exchange for decryption keys or rebuilding your entire IT system from scratch. Many businesses choose to cough up the money, but this doesn't guarantee that their data is safe. Cybercriminals will often exfiltrate data for further blackmail – and gangs frequently hit the same targets more than once. Avoiding large ransom sums, regulatory fines, loss of reputation, and even legal action involves looking at how ransomware is delivered.

Most ransomware is delivered by email phishing 

Ninety percent of all ransomware is delivered through phishing scams where attackers trick employees into clicking on a link or divulging credentials.

Much easier than hacking an IT system

Targeting a business through phishing is much easier than trying to hack an IT system. These emails often look legitimate enough that the receiver does all the hard work for the criminal by unwittingly handing over their details. Here are the types of emails your employees might be up against:

  • Corporate emails: These will look official and may instil a sense of urgency in the user in order to get them to act without thinking.
  • Commercial emails: These will be business-related but not company-specific. They might include invoice requests or dispatch notifications.
  • Consumer emails: An email anyone might get on a daily basis, such as a social media notification.
  • Technical emails: These might include error reports, bounced email notifications, or emails related to business services.

Phishing relies on human error

Phishing attacks rely less on the technical skill of the criminal and more on being able to successfully trick an employee into handing over info or clicking a link. Because of this, these scams are becoming highly popular among new cybercriminals.

Employees need to look out for social engineering scams designed to make them give up a password or other credentials. While proper training will help your employees become the first line of defence against these attacks, you need the tools in place to support them, too. By taking the pressure off your employees and equipping them with software that can recognise even the most sophisticated scams, you can limit your business's exposure to risk.

It's easy to buy phishing kits and ransomware online

Even non-skilled cybercriminals can get their hands on the tools needed to run a ransomware campaign. You can find phishing kits available on the dark web that allow criminals to gain the data needed to launch an attack on a business. That means more malicious actors are able to target businesses — even when they don't have the specific hacking skills needed to create the campaign themselves.

Killing the kill chain: stop phishing and you'll stop ransomware

Once criminals successfully get their phishing email past an organisation's defences, they hope an employee will pick up the task from there. That means it's crucial to have the right software installed to prevent dangerous phishing emails from slipping through the net. No amount of employee training can prevent human error, so it's critical to use technology as a backup.

Intelligent solutions such as Egress Defend use advanced machine learning and natural language processing to stop this vital step in the kill chain from happening. The software looks at the context, relationships, and message content of all emails. It'll then flag any that could pose a threat to your business. In order to better educate employees, too, Defend explains why an email was deemed risky — empowering them to identify other email scams in the future.
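As an added illustration of the kind of context, relationship and message-content signals an email-security layer can score before a message reaches an inbox, here is an independent Python example. It is not Egress Defend's code or method and does not represent how that product works. The trusted domain (example-corp.test), the two sample messages, the urgency word list and the scoring weights are all constructed assumptions. Like the approach described above, it reports why each message was flagged rather than returning a bare verdict.

```python
from email import message_from_string
from email.policy import default
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the organisation's own mail domain (constructed for this example).
TRUSTED_DOMAIN = "example-corp.test"

# Constructed list of pressure phrases; a real deployment would use a far richer model.
URGENCY_TERMS = ("urgent", "immediately", "within 24 hours", "account suspended",
                 "verify your password", "final notice")


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _host(url_or_text):
    text = url_or_text if "://" in url_or_text else "http://" + url_or_text
    return (urlparse(text).hostname or "").lower()


def score_message(raw):
    """Return (score, reasons) for a raw RFC 5322 message string.

    Each reason is a short explanation the recipient could be shown.
    """
    msg = message_from_string(raw, policy=default)
    reasons = []

    display_name, from_addr = parseaddr(str(msg.get("From", "")))
    from_domain = _domain(from_addr)
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))

    # Relationship: display name claims to be internal, sender domain is not ours.
    if TRUSTED_DOMAIN in display_name.lower() and from_domain != TRUSTED_DOMAIN:
        reasons.append(f"display name references {TRUSTED_DOMAIN} "
                       f"but sender domain is {from_domain}")

    # Relationship: replies are redirected to a different domain than the sender.
    if reply_to and _domain(reply_to) != from_domain:
        reasons.append(f"Reply-To domain {_domain(reply_to)} "
                       f"differs from From domain {from_domain}")

    # Content: pressure language in subject or body.
    body_part = msg.get_body(preferencelist=("html", "plain"))
    body = body_part.get_content() if body_part else ""
    haystack = (str(msg.get("Subject", "")) + " " + body).lower()
    hits = [t for t in URGENCY_TERMS if t in haystack]
    if hits:
        reasons.append("urgency language: " + ", ".join(hits))

    # Content: link text shows one host while the href points somewhere else.
    if body_part and body_part.get_content_type() == "text/html":
        collector = _LinkCollector()
        collector.feed(body)
        for href, text in collector.links:
            shown = _host(text) if "." in text else ""
            if shown and shown != _host(href):
                reasons.append(f"link text shows {shown} but points to {_host(href)}")

    return len(reasons), reasons


# Constructed sample messages, not real mail.
SUSPICIOUS = """\
From: "IT Helpdesk (example-corp.test)" <helpdesk@mail-notify.test>
Reply-To: recover@reply-collect.test
To: jane@example-corp.test
Subject: URGENT: account suspended
Content-Type: text/html; charset=utf-8

<p>Your account will be locked within 24 hours.</p>
<p><a href="http://mail-notify.test/login">portal.example-corp.test</a></p>
"""

BENIGN = """\
From: "Jane Doe" <jane@example-corp.test>
To: bob@example-corp.test
Subject: Lunch on Thursday?
Content-Type: text/plain; charset=utf-8

Are you free at 12:30?
"""

if __name__ == "__main__":
    for label, raw in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        score, why = score_message(raw)
        print(f"{label}: score={score}")
        for reason in why:
            print("  -", reason)
```

Each check is deliberately explainable: a flagged message carries the sentences that triggered it, so the same output that blocks or quarantines a message can also be surfaced to the employee as a teaching moment. The constructed suspicious sample trips all four checks and the benign one trips none.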

Here are some ways you can stop ransomware attacks by killing the kill chain.

Intelligent email security

The first step is ensuring you have the right security software in place to protect your employees from phishing emails. Not only will this technology keep your business secure, but solutions such as Egress Defend will also be able to help train your employees on what a suspicious email might look like.

Awareness training

Because phishing emails prey on human nature in order to install malware on a system, your employees are your biggest security risk. However, it's possible to turn them into a strategic defence against these kinds of attacks. Proper training will help employees recognise threats and understand what they need to do should something end up in their inbox.

Data backup and recovery

While simply recovering a machine might not stop a ransomware attack, it's crucial to have your data backed up in multiple places. If your business does fall foul of an attack, this can help minimise downtime and mitigate the loss of any important systems.

With global damages from ransomware predicted to top an annual sum of $265bn by 2031, it's never been more crucial to protect businesses. Phishing emails are the primary delivery system for malware, so it’s vital you have the right technology in place to protect against these threats. That, on top of employee security training, will help you avoid the dangers of ransomware.


How does phishing lead to ransomware?

Phishing is when threat actors attempt to trick users into giving out sensitive information or downloading a file. In both cases, this could lead to ransomware being installed on a machine within the business network. 

What causes ransomware attacks?

Phishing and social engineering scams are the leading cause of ransomware attacks. These emails look legitimate enough to trick employees into doing whatever the hacker needs in order to gain access to the system.

How does phishing cause data breaches?

There are a number of ways phishing can cause data breaches, either by encouraging an employee to hand over sensitive information or through the installation of malware that allows the attacker to collect data.

What percentage of ransomware comes from phishing?

More than 90% of ransomware attacks are delivered via email phishing.
