Understanding the Connection between Ransomware and Email


Email is one of the most common delivery vectors employed by ransomware attackers today. went so far as to specifically label phishing emails as “the number one delivery vehicle for ransomware,” noting that “the main purpose of most phishing emails today is to deliver, directly or indirectly, some form of ransomware.” Acknowledging this pronouncement, it’s small wonder that nearly half of companies that reported phishing attacks ultimately experienced a ransomware infection, as reported by .

Such a finding raises an important question: why is email so prevalent in ransomware attacks? What is it about phishing emails that make them a preferred ransomware delivery vector?

Phishing – One of the Most Common Social Engineering Attacks

The answer has to do with what phishing campaigns are and aren’t. Email-based attacks are not technical in the way that other campaigns are. Some might incorporate technical elements like macro code that exploits a software vulnerability into their attack chain. But even then, most email attacks don’t execute their malicious functionality as soon as they reach an employee’s inbox. Instead, they often require recipients to interact with the email messages and/or their attachments in some way.

Such is the nature of social engineering attacks, malicious activity which requires human input. Social engineering is designed to prey upon human weakness, not leverage exploit code and/or cracking techniques. In that sense, technical controls aren’t as effective if a digital attacker can gain entry to an authorized user’s inbox, as an example.

Malicious actors know this, which is why they turn to social engineering tactics so often, and not just for email-based campaigns. In its , Verizon Enterprise found that social engineering was the most widely used pattern in data breaches and the third-most widely used pattern in security incidents over the course of 2020. Consistent with that finding, the security firm observed that 85% of data breaches involved a human element.

Even so, email is a special kind of social engineering given its prevalence among attackers. Each user has an email account, a reality which makes them a target. That explains why phishing attacks accounted for most of the 2020 data breaches involving social engineering, noted Verizon Enterprise, with business email compromise (BEC) scams not far behind.

So, Why Is Ransomware an Effective Form of Social Engineering?

Ransomware is unlike other forms of malware in that it doesn’t hide forever. By design, it reveals itself at some point, and it relies upon all the feelings that go along with discovery (fear, disbelief, and urgency, to name a few) to motivate victims to pay. Data encryption and theft are not enough on their own. A ransomware attack isn’t successful unless those responsible get paid, and no one will get paid unless they have some sort of interaction with the victim.

Using email to deliver a digital threat as socially charged as ransomware is therefore only fitting. In 2020, the 秋葵视频色 | AppRiver team witnessed ransomware actors leveraging email as their delivery vector for several campaigns. One such operation made news in June for using the promise of a fake photo to trick recipients into infecting themselves with Avaddon ransomware, for instance.

Defending Against an Email-Borne Ransomware Attack

Organizations can use security awareness training to cultivate their employees’ familiarity with phishing attacks. But they can’t train them on every lure that they might encounter in an email attack. That’s why it’s in organizations’ interest to invest in an email security solution that’s capable of scanning incoming messages for malware signatures and other threat indicators, all while allowing legitimate correspondence to reach its intended destination.

Learn how the email threat protection tools of 秋葵视频色 | AppRiver can help organizations stay safe against an email-borne ransomware attack.