Detect the delivery of ransomware and malware by email, with Egress Defend.

The global ransomware problem


ransomware attacks occurred in the first six months of 2022

7 days

is the average minimum amount of downtime per attack


is the current average rasomware payment

The evolution from a phish to ransomware

Phishing is one of the most common attack vectors for ransomware. A threat actor might phish a user’s credentials, use them to launch a BEC attack and then sell the compromised account on to a ransomware actor. Alternatively, a ransomware actor might simply purchase compromised credentials and use them to progress the ransomware attack.

As threat actors find new and creative ways to deliver ransomware payloads, legacy detection techniques are failing to keep pace and users have little margin for error.

Stats V2 Ransomware
Solutions Ransomware 1

Sophisticated malicious email payloads do evade detection

Email attachments containing ransomware are typically detected using the sandboxing capabilities of most secure email gateways (SEGs).

Embedded links that lead to malicious files have a higher likelihood of getting by traditional defenses, as web downloads are rarely sandboxed in-line. This results in the patient-zero problem, where the ransomware is delivered and executes before the sandbox results are available.

Organizations need to implement anti-phishing technology that can detect suspicious links at the time of click and prevent connection to the target file download.

Solutions Ransomware 2

Egress Defend inspects all aspects of inbound email to detect ransomware

  • 1 Payload analysis. HTML attachment is examined and a JavaScript payload is found that retrieves a remote ransomware loader. The obfuscation used by the JavaScript is itself a sign of suspicion.
  • 2 Display name impersonation detection. This is difficult for users to spot, especially on mobile devices, and as the domain is real, it passes SPF checks.
  • 3 Newly registered domain. Passes SPF checks and is not on any blocklist, but a newly registered domain being used for a fax server is highly suspicious.
1500W Threat Trends Apr 24 Web Imgs Blog Thin CTA

2024 Phishing Threat Trends Report: January - March insights

Download report
Solutions Ransomware 3

Intelligent technology that's easy for users to understand

  • 4 Linguistic analysis reveals anomalous content. Email structure and copy identifies it as a fax receipt notification, but this is the first time the recipient has received one.
  • 5 Blue alerts highlight the email's origins. Our blue banners let the recipient know they've received an external email from a new contact. Based on our analysis, a red warning is also added.
  • 6 Red warning banner alerts user to real-time risk. As Egress Defend has identified the email as a phish with a malicious payload, a red warning banner is dynamically added to alert the user.
Solutions Ransomware 4

Egress Security Center highlights the risks that matter

Reporting on threats such as ransomware and malware in your email flows can be manual and slow. Even worse, systems can throw too much unnecessary information at you, making it harder to make timely and effective decisions.

Egress Defend’s intelligence platform provides simplified dashboards and critical insights so that administrators can quickly cut through the noise, identify email security risks and, where necessary, remediate them.

Solutions Ransomware 5

Actionable intelligence

Data and analytics should not overwhelm you with information. Augmented threat intelligence into attack types, payloads, and supply chain health gives Security teams what they need to take decisive action that mitigates threats.

Our real-time threat feed offers insights and statistics into email details, type of attack, threat levels, authentication checks, communication history, and how your people interacted with the email.

Would you like to learn more about how Egress Defend can detect ransomware attacks in your company?


East of England Ambulance Service’s life-saving move with AI-powered phishing defenses

“If we didn’t put Egress in place and we got hit by a ransomware attack, the ambulance service would cease to function, and it would have a real, human, cost."

Trusted by global organizations

Related resources

Learn how our full suite of advanced email protection technologies work together to mitigate both inbound and outbound email risks like ransomware.

2024 Phishing Threat Trends Report: January - March insights

Download the latest Phishing Threat Trends Report to understand the hot topics dominating the headlines, from the rise of ‘quishing’ and AI-powered attacks to the evolution of payloads in phishing campaigns.

Customer story: Manchester Airports Group

Manchester Airports Group takes their email security to new heights with Egress

KnowBe4 & Egress: Delivering integrated AI-based adaptive email security and training

Join Bas Van Der Hoeven from KnowBe4 and James Sheldrake from Egress to see how their products work together to provide AI-based email security and training.

Forrester Total Economic Impact Study

Forrester demonstrates the financial and efficiency benefits that can be achieved by organizations that invest in Egress Intelligent Email Security – including a 359% return on investment.