Dots Screenshot Compressed Dark


Detect the delivery of ransomware and malware by email, with Egress Defend.

The global ransomware problem


ransomware attacks occurred in the first six months of 2022

7 days

is the average minimum amount of downtime per attack


is the current average rasomware payment

The evolution from a phish to ransomware

Phishing is one of the most common attack vectors for ransomware. A threat actor might phish a user’s credentials, use them to launch a BEC attack and then sell the compromised account on to a ransomware actor. Alternatively, a ransomware actor might simply purchase compromised credentials and use them to progress the ransomware attack.

As threat actors find new and creative ways to deliver ransomware payloads, legacy detection techniques are failing to keep pace and users have little margin for error.

Stats V2 Ransomware
Solutions Ransomware 1

Sophisticated malicious email payloads do evade detection

Email attachments containing ransomware are typically detected using the sandboxing capabilities of most secure email gateways (SEGs).

Embedded links that lead to malicious files have a higher likelihood of getting by traditional defenses, as web downloads are rarely sandboxed in-line. This results in the patient-zero problem, where the ransomware is delivered and executes before the sandbox results are available.

Organizations need to implement anti-phishing technology that can detect suspicious links at the time of click and prevent connection to the target file download.

Solutions Ransomware 2

Egress Defend inspects all aspects of inbound email to detect ransomware

  • 1 Payload analysis. HTML attachment is examined and a JavaScript payload is found that retrieves a remote ransomware loader. The obfuscation used by the JavaScript is itself a sign of suspicion.
  • 2 Display name impersonation detection. This is difficult for users to spot, especially on mobile devices, and as the domain is real, it passes SPF checks.
  • 3 Newly registered domain. Passes SPF checks and is not on any blocklist, but a newly registered domain being used for a fax server is highly suspicious.
Solutions Ransomware 3

Intelligent technology that's easy for users to understand

  • 4 Linguistic analysis reveals anomalous content. Email structure and copy identifies it as a fax receipt notification, but this is the first time the recipient has received one.
  • 5 Blue alerts highlight the email's origins. Our blue banners let the recipient know they've received an external email from a new contact. Based on our analysis, a red warning is also added.
  • 6 Red warning banner alerts user to real-time risk. As Egress Defend has identified the email as a phish with a malicious payload, a red warning banner is dynamically added to alert the user.
Solutions Ransomware 4

Egress Security Center highlights the risks that matter

Reporting on threats such as ransomware and malware in your email flows can be manual and slow. Even worse, systems can throw too much unnecessary information at you, making it harder to make timely and effective decisions.

Egress Defend’s intelligence platform provides simplified dashboards and critical insights so that administrators can quickly cut through the noise, identify email security risks and, where necessary, remediate them.

Solutions Ransomware 5

Actionable intelligence

Data and analytics should not overwhelm you with information. Augmented threat intelligence into attack types, payloads, and supply chain health gives Security teams what they need to take decisive action that mitigates threats.

Our real-time threat feed offers insights and statistics into email details, type of attack, threat levels, authentication checks, communication history, and how your people interacted with the email.

Would you like to learn more about how Egress Defend can detect ransomware attacks in your company?


What our customers say

Hear from companies and organizations who use Egress Defend to prevent against ransomware attacks caused by phishing attacks.

If you’re relying on a yearly or even quarterly phishing test, I think you’re leaving major gaps. On going education and real time information have to be a part of your arsenal as well. I’m really impressed by what Egress Defend has been able to provide.

Trusted by global organizations

Related resources

Learn how our full suite of advanced email protection technologies work together to mitigate both inbound and outbound email risks like ransomware.

Human Risk Summit

12th October 2023 | 10:00 - 12:40 ET/15:00 - 17:40 BST

It's time to adapt.

The next evolution of cloud email security has arrived. Join industry thought leaders at our virtual event for insight into managing human risk and adaptive cloud email security.

Customer webinar: enhancing anti-phishing defenses in Microsoft 365 at Newcastle City Council

Get insight into the types of phishing threats targeting government organizations, how to layer defenses in Microsoft 365 for effective threat detection, and more.

How does phishing lead to ransomware attacks?

With global damages from ransomware predicted to top an annual sum of $265bn by 2031, it's never been more crucial to protect businesses.

How to Use a Hacker’s Toolkit Against Them

Read insights from our threat researchers about the tools and tactics attackers use in the first three stages of the cyber kill chain.