Killing the kill chain: Stop phishing and you'll stop ransomware


Hear from Jack Chapman, Egress VP of Threat Intelligence, on why US organizations need to stop ransomware at the source: email phishing.


Ransomware has American businesses worried – and with good cause. It’s the fastest-growing form of cybercrime, and with criminals offering their ransomware as open-source software for any gang or individual to buy and use, it’s a problem that is only going to get worse.

Global damages from ransomware are predicted to top an eye-watering annual sum of $265bn by 2031. The average cost of recovery from an attack has already doubled to $1.85m in 2021, and the higher-profile attacks can be even more damaging.

US businesses under attack

The American public were given a stark warning of the threat ransomware poses when Colonial Pipeline was crippled earlier this year, costing the business a $5m ransom fee and causing fuel shortages across the eastern seaboard. A state of emergency had to be declared across four states – so it’s not surprising the US government has given ransomware attacks the same priority as terrorism.

Unfortunately, this is far from a one-off incident, and simply represents the most high-profile of a series of recent attacks against US businesses. It’s vital that organizations learn how to break the ransomware ‘kill chain,’ which refers to the steps cybercriminals need to complete in order to achieve their goals. The kill chain runs from reconnaissance, to delivery, and all the way through to installation and taking control of an organization’s system.

Killing the kill chain

Once ransomware has struck, you’re in a seriously problematic position. The Washington DC police department was attacked by a Russian cyber gang (the Babuk group) just days after the Colonial Pipeline attack. The gang locked files and demanded $4m for them to be released, and after the police refused, they released a 250GB trove of files containing highly sensitive data onto the internet.

Stopping the delivery of ransomware in the first place is the key to breaking the kill chain and stopping it for good. Unfortunately, the problem has not been solved effectively to date by traditional solutions. Advanced technology is needed to mitigate the threat of ransomware by stopping it at the most common source of origin: email.

Email is the number one vector for ransomware

The primary method for delivering ransomware is a simple one – email. It’s estimated that over 90% of ransomware attacks in the US are delivered via email phishing. Once criminals get their phishing email inside of an organization’s defenses, they then hope that an employee picks up the task from there, inadvertently unleashing ransomware into internal systems.

Intelligent solutions such as Egress Defend use advanced machine learning and natural language processing capabilities to stop this vital step of the kill chain from happening. Defend evaluates the context, relationships and message content of all emails coming into your business, flagging any that show signs of ransomware. Defend also explains to employees why an email was deemed risky, empowering them to become cybersecurity advocates who can identify future breaches.

Ransomware is a huge problem that is not going anywhere. It’s ruining lives and businesses, and traditional security methods can’t stop it. Find out more about how Egress Defend can secure your organization’s email against the fastest-growing cybercrime in the US.
