Detect the delivery of ransomware and malware by email, with Egress Defend.

The global ransomware problem


ransomware attacks occurred in the first six months of 2022

7 days

is the average minimum amount of downtime per attack


is the current average rasomware payment

The evolution from a phish to ransomware

Phishing is one of the most common attack vectors for ransomware. A threat actor might phish a user’s credentials, use them to launch a BEC attack and then sell the compromised account on to a ransomware actor. Alternatively, a ransomware actor might simply purchase compromised credentials and use them to progress the ransomware attack.

As threat actors find new and creative ways to deliver ransomware payloads, legacy detection techniques are failing to keep pace and users have little margin for error.

Stats V2 Ransomware
Solutions Ransomware 1

Sophisticated malicious email payloads do evade detection

Email attachments containing ransomware are typically detected using the sandboxing capabilities of most secure email gateways (SEGs).

Embedded links that lead to malicious files have a higher likelihood of getting by traditional defenses, as web downloads are rarely sandboxed in-line. This results in the patient-zero problem, where the ransomware is delivered and executes before the sandbox results are available.

Organizations need to implement anti-phishing technology that can detect suspicious links at the time of click and prevent connection to the target file download.

Solutions Ransomware 2

Egress Defend inspects all aspects of inbound email to detect ransomware

  • 1 Payload analysis. HTML attachment is examined and a JavaScript payload is found that retrieves a remote ransomware loader. The obfuscation used by the JavaScript is itself a sign of suspicion.
  • 2 Display name impersonation detection. This is difficult for users to spot, especially on mobile devices, and as the domain is real, it passes SPF checks.
  • 3 Newly registered domain. Passes SPF checks and is not on any blocklist, but a newly registered domain being used for a fax server is highly suspicious.
Solutions Ransomware 3

Intelligent technology that's easy for users to understand

  • 4 Linguistic analysis reveals anomalous content. Email structure and copy identifies it as a fax receipt notification, but this is the first time the recipient has received one.
  • 5 Blue alerts highlight the email's origins. Our blue banners let the recipient know they've received an external email from a new contact. Based on our analysis, a red warning is also added.
  • 6 Red warning banner alerts user to real-time risk. As Egress Defend has identified the email as a phish with a malicious payload, a red warning banner is dynamically added to alert the user.
Solutions Ransomware 4

Egress Security Center highlights the risks that matter

Reporting on threats such as ransomware and malware in your email flows can be manual and slow. Even worse, systems can throw too much unnecessary information at you, making it harder to make timely and effective decisions.

Egress Defend’s intelligence platform provides simplified dashboards and critical insights so that administrators can quickly cut through the noise, identify email security risks and, where necessary, remediate them.

Solutions Ransomware 5

Actionable intelligence

Data and analytics should not overwhelm you with information. Augmented threat intelligence into attack types, payloads, and supply chain health gives Security teams what they need to take decisive action that mitigates threats.

Our real-time threat feed offers insights and statistics into email details, type of attack, threat levels, authentication checks, communication history, and how your people interacted with the email.

Would you like to learn more about how Egress Defend can detect ransomware attacks in your company?


What our customers say

Hear from companies and organizations who use Egress Defend to prevent against ransomware attacks caused by phishing attacks.

If you’re relying on a yearly or even quarterly phishing test, I think you’re leaving major gaps. On going education and real time information have to be a part of your arsenal as well. I’m really impressed by what Egress Defend has been able to provide.

Trusted by global organizations

Related resources

Learn how our full suite of advanced email protection technologies work together to mitigate both inbound and outbound email risks like ransomware.

Email Threat Landscape: Phishing Report

Organizations remain vulnerable to advanced phishing threats, including AI-driven attacks and those sent from compromised supply chain accounts.

Download the Email Threat Landscape: Phishing Report for insight into phishing attacks that organizations fell victim to, how these incidents impact the people involved, and attitudes towards traditional email security and training.

KnowBe4 & Egress: Delivering integrated AI-based adaptive email security and training

Join Bas Van Der Hoeven from KnowBe4 and James Sheldrake from Egress to see how their products work together to provide AI-based email security and training.

Forrester Total Economic Impact Study

Forrester demonstrates the financial and efficiency benefits that can be achieved by organizations that invest in Egress Intelligent Email Security – including a 359% return on investment.

Customer webinar: enhancing anti-phishing defenses in Microsoft 365 at Newcastle City Council

Get insight into the types of phishing threats targeting government organizations, how to layer defenses in Microsoft 365 for effective threat detection, and more.