There was once a very wise man who also happened to be quite short. Someone asked him, “Do you view the glass as being half full or half empty?” He replied, “I’m too short to see that it’s empty. From down here, it’s always at least partly full.”
A similar comment could be made today about the state of ransomware defenses. You may think you have a top-down view of every cyber threat, but when it comes to encrypting malware, you don’t know what you’re not seeing.
While ransomware statistics in 2017 are alarming in terms of growth and severity of attacks, the cybersecurity industry has made great strides in defending against them. But despite our best efforts, the threat shows no signs of abating. If you think you’re not vulnerable, here are five stats that should serve as a reality check about your ransomware risk:
Stat 1: Ransomware types tripled in 2017
Symantec discovered 100 new families of malware families involved in encrypting malware this year. That’s three times the amount detected in 2016.
Stat 2: Ransomware messages are up 6,000% this year
The number of emails infected by ransom softwares went up 6,000 percent from 2016 to 2017, according to a review by IBM Security. That’s an astronomical number. Ransomware attackers hide their malware in common attachments like spreadsheets, text documents, invoices, faxes and so on. As these attacks grow more sophisticated, a lot of the red flags we look for in phishing attempts are harder to see or are no longer there.
Stat 3: Email Phishing is the #1 ransomware vehicle in 2017
Ransomware often targets individual PCs. Naturally, that means email is the most common method of attack. Research by IBM reveals that 59% of ransomware attacks originate with phishing emails and a remarkable 91% of all malware is delivered by email.
Stat 4: The USA is the #1 ransomware target
While there’s been a 36% increase in global ransomware attacks from last year to this year, the USA is the biggest target.
Stat 5: 11% more users encountered ransomware in 2017
The number of users who encountered this threat between April 2016 and March 2017 grew by 11.4% when compared to the same period between 2015 and 2016.
Taken together, these stats make one thing clear: ransomware is dramatically on the rise.
These stats deliver a warning:
- More users are seeing attacks
- Email is the main attack vehicle, using phishing as the approach
- The volume of attacks, as well as the variety of malware types, are on the rise.
The situation seems dire. What can you do about it? Well, before we can talk about how to beat ransomware, we have to understand what it actually is.
Understanding the Connection Between Spear Phishing and Ransomware
Ransomware is a creature of phishing and spear phishing. If you can you defeat spear phishing, you can beat back malware.
A variant on phishing, spear phishing is a hacking technique that involves tricking email recipients into downloading malware that encrypts their files. Spear phishing uses impersonation: the emails appear to come from a trusted friend or coworker, which makes them hard to detect with traditional email filters.
Cybercriminals typically use highly customized spear phishing emails to convince email users to click on links or open attachments that contain ransomware.
When spear phishers send regular old malware, it’s usually detected by an organization’s email filter. But when spear phishers send encrypting malware, it often slips through the cracks. That’s because many ransomware-bearing emails contain “zero-day” attacks, a type of malware so new that filters have no profile for it. It’s not a lost cause, however. If you can prevent the spear phishing emails from getting through, you’ll significantly reduce the risk of ransom softwares in your organization.
Defending Against the Spear Phishing-Borne Ransomware Threats
Vade defends against ransomware using heuristic analysis. This solution can easily identify suspected spear phishing emails carrying any kind of malware. Our proprietary AI-backed software has been trained to detect phishing emails based on an ongoing analysis of hundreds of millions of emails over more than ten years.
Our system’s artificial intelligence screens all inbound messages to identify one-off spear phishing attacks that contain ransom softwares. The AI matches the style and technical indicators of the claimed sender of any given email with known information about the actual sender.
Further protections come from our tool’s ability to evaluate attachments and booby-trapped URLs. We can detect the notoriously difficult polymorphic and metamorphic forms of malware and ransomware. Metamorphic malware confounds basic email security tools by completely rewriting its code with every iteration. This constant change makes it nearly impossible for anti-virus solutions to detect, quarantine, and eliminate. Examples include Locky, Cryptolocker, Cerber, Kehilos Botnet, CryptXXX and Petya.
The best way to defend against ransomware is to use a robust predictive email security solution.
Vade also provides predictive email security using data from a global customer base of more than 400 million email inboxes. It’s ever-evolving 24/7 global threat center protects customers from ransomware, phishing, spear phishing, and other email-borne threats.
Our sophisticated algorithms, using eight layers of analysis, combined with our massive data set (the largest accessible to any email security provider), are able to identify and neutralize both zero-day malware and encrypting malware variants and even the most sophisticated social engineering attacks embedded in phishing emails.
Contact us, if you want to discuss how you can quickly add anti-phishing measures to your current email setup.
