Advanced phishing

Killing the kill chain: Stop phishing and you'll stop ransomware

by Egress
Published on 28th Jun 2021


Ransomware has businesses worried – and with good cause. It’s the fastest-growing form of cybercrime, and with criminals offering their ransomware as open-source software for any gang or individual to buy and use, it’s a problem that is only going to get worse.

Global damages from ransomware are predicted to top an eye-watering annual sum of $265bn by 2031. The average cost of recovery from an attack has already doubled to $1.85m in 2021, and the higher profile attacks can be even more damaging.

Businesses under attack

The American public were given a stark warning of the threat ransomware poses when Colonial Pipeline was crippled earlier this year, costing the business a $5m ransom fee and causing fuel shortages across the eastern seaboard. A state of emergency had to be declared across four states – so it’s not surprising the US government has given ransomware attacks the same priority as terrorism.

Unfortunately, this is far from a one-off incident, and simply represents the highest-profile of a series of recent attacks against businesses across the world, not just the US. It’s vital that organisations learn how to break the ransomware ‘kill chain’, which refers to the steps cybercriminals need to complete in order to achieve their goals. The kill chain runs from reconnaissance, to delivery, and all the way through to installation and taking control of an organisation’s system.

Killing the kill chain

Once ransomware has struck, you’re in a seriously problematic position. The Scottish Environment Protection Agency (Sepa) was recently hit with a ransomware attack by an international criminal gang (the Conti group). More than 4,000 digital files were stolen and later released onto the internet when the agency refused to pay the ransom. Sepa said that it could take years to fully recover from the attack.

Stopping the delivery of ransomware in the first place is the key to breaking the kill chain and stopping it for good. Unfortunately, the problem has not been solved effectively to date by traditional solutions. Advanced technology is needed to mitigate the threat of ransomware by stopping it at the most common source of origin: email.  

Email is the number one vector for ransomware

The primary method for delivering ransomware is a simple one – email. It’s estimated that 94% of ransomware attacks in the UK are delivered via email phishing. Once criminals get their phishing email inside an organisation’s defences, they then hope that an employee picks up the task from there, inadvertently unleashing ransomware into internal systems.

Intelligent solutions such as Egress Defend use advanced machine learning and natural language processing capabilities to stop this vital step of the kill chain from happening. Defend evaluates the context, relationships and message content of all emails coming into your business, flagging any that show signs of ransomware. It also explains to employees why an email was deemed risky, empowering them to become cybersecurity advocates who can identify future breaches.

Ransomware is a huge problem that is not going anywhere. It’s ruining lives and businesses, and traditional security methods can’t stop it. Find out more about how Egress Defend can secure your organisation’s email against the fastest-growing cybercrime in the world.