The Hidden Threat in Emails: Ransomware

The Hidden Threat in Emails: Ransomware

We know that social engineering attacks are continuously being made by cyber attackers using fake emails. Using fake emails, they can tell you that you won a lottery and ask for money, want you to write your username and password elsewhere or threaten to publish your private and confidential videos and try to earn revenue. I'm sure one or two of them are familiar to you. But are you aware of even more dangerous ransomware software? 

There are a few critical features that distinguish ransomware malwares from other malwares. The first is that if your system infected with ransomware, it is impossible for you not to notice it. How does? Because ransomware malwares encrypts all your data and puts a huge warning on the screen : 

 "I've encrypted all your computers. If you send me money, I can help you decrypt it."

Another feature is that you can communicate with the person who infected you with this malware. Often cyber attackers want  to hide and try not to generate an alarm in the relevant system. But those who use ransomwares want to contact you! Of course, they disguise themselves with fake emails. They use digital currencies to get money from you. But they are still contacting you! In some cases, you can even negotiate! 

Some Ransomware Statistics 

  • The majority (62%) of the attacks involve small and medium-sized businesses. 
  • The average fee charged for an attack is 13,000 
  • $ 75 billion a year in damage to businesses
  • It is predicted by Cybersecurity Ventures that 6 trillion dollar costs will exist due to ransomware by the year 2021.  (Source: Cybersecurity Ventures)
  • A study done by IBM shows that the amount of money between $20,000 and $50,000 is acceptable to pay to attackers by 20 percent of business executives to decrypt their data back. (Source: IBM)

 

So, when we say ransomware, what dangers are we talking about for you or your company? 

 

Risks

You may lose all your data and money may not save you either! Cyber attackers have damaged many people through ransomwareand earned so much money that dozens of ransomware types have emerged. There's even ransomware as a service. Most types of ransomwares send spesific password to attacker that is used to encrypt your system. Then they demand money from you. If they get the money, they'll give you this password. So you can open your encrypted data using this password. However, in some cases (general problems such as network problems), the ransomware runs on your system, encrypt all data but the password does not reach to attacker. In this case, your data cannot be saved even if you send the money. Because no one knows the password.

How much can you trust someone who encrypts your systems? Well, you haven't used any security solution, and your computer has been encrypted. You are thinking of giving the money, but you are not sure you can get the password. Well, you can't! You are entirely at the mercy of the other party! So you may lost both time, money and data.

After infecting a single computer, this malware often infect other computers on the internal network. A single wrong click on the file in the email can encrypt all systems in your company or home.

Did you say data recovery solutions? Although certain types of ransomware malware are somehow decrypted, most of them are impossible to revert. And it's pretty hard to find a data recovery company that can help you.

 

What can you lose? 

1. All your data can be encrypted: You can lose invoices, customer information, private files, whatever you have on your computer. And for the reasons we mentioned above, you may not be able to return it even if you are willing to pay money to get the password. 

2. Financial Losses: Even at best, your systems will be down for days or weeks. This means business and financial loss for you. 

3. Reputational Losses: You will not lose your reputation only because of your inability to provide service or data loss. Cyber attackers know whom they are targeting and where they are successful. They can also public your company name.

 

91 Percent of Cyber Attacks Start with an Email 

Emails are where the first defense will be made. According to a study by Fireeye, 91 percent of cyber attacks start with an email. Our identity that we use the most on the internet turns into a threat to us. 

Microsoft has worked hard to ensure email security and continues to do so. For example, They have an Exchange Online Protection service. With this service, you can block spam and harmful emails to some extent. Microsoft has another product that does the same job with much more features. For those using Microsoft 365 Business Premium & E5, it offers another layer of security called ATP (Advanced Threat Protection). It has two essential features, Safe Links & Safe Attachments. But in order to use it, you need to have both a business premium and outstanding technical personnel.

 

Sample Attack Scenario

This type of attacks generally start with an email. Email may have lots of false information to get your attention. Let's see what is the real affect of a real ransomware attack :

An email attachment that you shouldn't click:

petya ransomware odix filewall

If you click, your computer will be restarted

petya ransomware odix filewall

But it will not open like you expect:

petya ransomware odix filewall

petya ransomware odix filewall

 

What Should You Do? 

Be careful when opening your emails. By predicting when and how your attention will be distracted, cyber attackers can adjust the email's content, and the time it is sent. For example, if you are an NBA fan, they produce content accordingly. When sending emails, they prepare content that you think will interest you. 

If you make the slightest mistake and click on a malicious file, the malware starts running and can encrypt your data.

Cybersecurity companies put lots of effort to detect ransomware attacks. We recommend that you use specialized products that fit, especially on email attachments.


Microsoft 365 Mail (Exchange Online)  Security

Security Odi-X firm of Israeli origin (the cybersecurity ecosystem is highly developed in Israel) has developed a solution for SMEs that requires a monthly fee of $ 1 for each user. This solution provides Microsoft 365 Mail security for SMEs. It provides protection against malicious software included in email attachments. It's not just for ransomware; but also for any malicious email attachment, the solution comes into play. 

It's pretty simple to set up. Odix's FileWall can be installed with a few clicks from Microsoft App. Almost no impact on mails performance and has strong protection againts malwares.

If you use FileWall, your email will look like this if malware arrived in the attachment.

 

petya ransomware odix filewall

Information can also be found below:

https://www.odi-x.com/attachment-based-phishing-campaign/
https://www.odi-x.com/attachment-based-phishing-uses-captcha-to-avoid-detection/
https://www.odi-x.com/exrobotos-old-phishing-kit-resurfaces-with-new-life/

Share: