Ransomware

Detect the delivery of ransomware and malware by email, with Egress Defend.

Request a demo Egress Defend

The global ransomware problem

236.1m

ransomware attacks occurred in the first six months of 2022

7 days

is the average minimum amount of downtime per attack

$228,125

is the current average rasomware payment

The evolution from a phish to ransomware

Phishing is one of the most common attack vectors for ransomware. A threat actor might phish a user’s credentials, use them to launch a BEC attack and then sell the compromised account on to a ransomware actor. Alternatively, a ransomware actor might simply purchase compromised credentials and use them to progress the ransomware attack.

As threat actors find new and creative ways to deliver ransomware payloads, legacy detection techniques are failing to keep pace and users have little margin for error.

Sophisticated malicious email payloads do evade detection

Email attachments containing ransomware are typically detected using the sandboxing capabilities of most secure email gateways (SEGs).

Embedded links that lead to malicious files have a higher likelihood of getting by traditional defenses, as web downloads are rarely sandboxed in-line. This results in the patient-zero problem, where the ransomware is delivered and executes before the sandbox results are available.

Organizations need to implement anti-phishing technology that can detect suspicious links at the time of click and prevent connection to the target file download.

Egress Defend inspects all aspects of inbound email to detect ransomware

1 Payload analysis. HTML attachment is examined and a JavaScript payload is found that retrieves a remote ransomware loader. The obfuscation used by the JavaScript is itself a sign of suspicion.
2 Display name impersonation detection. This is difficult for users to spot, especially on mobile devices, and as the domain is real, it passes SPF checks.
3 Newly registered domain. Passes SPF checks and is not on any blocklist, but a newly registered domain being used for a fax server is highly suspicious.

1500W Threat Trends Apr 24 Web Imgs Blog Thin CTA

2024 Phishing Threat Trends Report: January - March insights

Download report

Intelligent technology that's easy for users to understand

4 Linguistic analysis reveals anomalous content. Email structure and copy identifies it as a fax receipt notification, but this is the first time the recipient has received one.
5 Blue alerts highlight the email's origins. Our blue banners let the recipient know they've received an external email from a new contact. Based on our analysis, a red warning is also added.
6 Red warning banner alerts user to real-time risk. As Egress Defend has identified the email as a phish with a malicious payload, a red warning banner is dynamically added to alert the user.

Egress Security Center highlights the risks that matter

Reporting on threats such as ransomware and malware in your email flows can be manual and slow. Even worse, systems can throw too much unnecessary information at you, making it harder to make timely and effective decisions.

Egress Defend’s intelligence platform provides simplified dashboards and critical insights so that administrators can quickly cut through the noise, identify email security risks and, where necessary, remediate them.

Actionable intelligence

Data and analytics should not overwhelm you with information. Augmented threat intelligence into attack types, payloads, and supply chain health gives Security teams what they need to take decisive action that mitigates threats.

Our real-time threat feed offers insights and statistics into email details, type of attack, threat levels, authentication checks, communication history, and how your people interacted with the email.

Would you like to learn more about how Egress Defend can detect ransomware attacks in your company?

Request a personalized demo View Egress Defend

What our customers say

Hear from companies and organizations who use Egress Defend to prevent against ransomware attacks caused by phishing attacks.

“If we didn’t put Egress in place and we got hit by a ransomware attack, the ambulance service would cease to function, and it would have a real, human, cost."