Phishing and Ransomware – your inbox’s worst nightmare

Ransomware and phishing are two of the most common cyber attacks in the current internet landscape, yet they are also some of the most misunderstood. Phishing is the practice of sending fraudulent emails from what appears to be a legitimate source, asking the recipient to reveal personal information such as passwords, bank account information or credit card numbers. Ransomware is software that is downloaded or installed on a device and demands that the recipient pay a ransom in exchange for the return of stolen data or personal information. In essence, both attacks center on digital blackmail, which is why the combination of the two, phishing ransomware attacks, is among the most vicious threats to both personal and professional information.

Phishing ransomware attacks begin with what looks like a legitimate email asking the recipient to open a file or click on a link. Once the attachment or link has been opened, the hacker gains access to the device’s data and can distribute the malicious payload. These attacks are harder to spot because the phishing emails may come from a familiar sender, are often personally addressed to the recipient, and include attachments that draw attention and curiosity, urging the victim to open them. Sometimes the attachment even looks legitimate, with the company’s logo in the header, so the recipient remains unsuspecting until the ransom demand appears and their files are no longer accessible.

According to some reports, about 93% of phishing emails are now phishing-ransomware emails, and the majority of them target individuals through their personal and professional email accounts. The healthcare and education sectors bear the brunt of phishing-ransomware attacks, though other sectors are by no means safe. In the recent ‘Defray’ ransomware attack that targeted healthcare and education organizations in the US and UK, a Microsoft Word attachment was sent out in customized messages to spread the malware. Reports claim that for healthcare employees, the attachment claimed to come from the director of information management and technology and to contain patient records, and that the hospital’s logo was in the header, making it seem legitimate. In the education sector, universities may not prioritize network protection during the onboarding process, often allowing new personal devices onto the network without gaining enough control over access for those devices.

With hackers expanding their methods of social engineering, the responsibility for educating employees on what to look out for and how to protect their devices falls largely on the employer. IT departments should issue regular communications to employees detailing potential cyber threats to look out for, and educate them on best practices to follow if they believe they may be subject to an attack.

However, phishing attacks present a unique challenge in that they are usually targeted at a specific employee or department, allowing hackers to “creep” their way into the organizational network. That said, it’s important for employees to make an effort to stay informed on the latest cyber threats and vulnerabilities, especially as they apply to their industry vertical. Together with an effective organizational policy for controlling and protecting access for devices on the enterprise network, cyber education programs have immense value in catching threats, like phishing ransomware attacks, that may fly under the radar due to their targeted, socially engineered approach. 

Here are a few rules of thumb that we should live by in the evolving landscape of digital threats: 

  1. Never open emails, links or attachments from email addresses that you are not familiar with.
  2. Don’t open emails with “sketchy” subject lines, such as those offering “once-in-a-lifetime” deals or claiming to contain sensitive documents.
  3. Never open emails in the junk folder unless they are from a familiar sender. They are there for a reason.
  4. Stay aware and inform your peers. People who are just getting accustomed to email technology should be educated that many emails are spam, some of which can contain phishing or ransomware.
  5. Make sure your device is up to date with the latest security patch recommendations.
  6. In the workplace, implement a network security solution that can provide visibility into all endpoints, to control access for devices that may be infected with ransomware.
  7. If you or a fellow employee does open a phishing email, one of the immediate steps should be to disconnect the device from the network and inform the IT department. That way, they can assess whether there has been unauthorized access and attempt to contain the issue before it spreads. This also gives the IT department time to inform the rest of the organization that there has been a breach.
  8. Another immediate step is to run a full anti-virus scan on your device. While not all anti-virus software will pick up on ransomware installed following a phishing attack, it could identify abnormalities that are worth reporting to the IT department.
  9. Finally, it’s a good idea to change login information wherever possible. The IT department should instruct you regarding your organizational accounts, but if you have personal accounts connected to your work device, it’s a good idea to revisit your personal information and passwords, in addition to logging out, just to be on the safe side.

Keep in mind that all connected devices are potential victims of ransomware phishing attacks. While ransomware is well understood when it comes to more “traditional” devices such as computers, phones, and servers, IoT devices are also a point-of-entry, and are by nature less secure. Stay aware of all devices on your network, even those that are deployed to control temperatures in the HVAC room, the smart coffee machine or smart TVs in the boardroom.   

National Cyber Security Awareness Month is all about sharing knowledge to promote a safer and more secure internet environment for all users. Take preventative measures to avoid being the next victim, inform your peers when you hear of threats to stop them from spreading, and always remain wary of what you search, receive and send over the internet. Awareness and education are the best ways to beat hackers!

Nilly Assia, CMO of Portnox 

Image Credit: Evannovostro / Shutterstock