How hackers use phishing in ransomware attacks
Phishing attacks work because people like to click on things. Hackers carefully tailor attacks to their victims by collecting publicly available personal information about them and playing to their sense of urgency to get a response. The attackers only need one person within your organization to click on the link or open an attachment. Our recent research showed that on average 3% of people who receive a phishing email will click on the link. A lot of the time the goal of the attack is to capture account credentials, allowing the hacker to move laterally across the company and ransom the entire organization.
Traditional ransomware exploited known vulnerabilities to hack into organizations. The problem for cybercriminals is that today a lot of these vulnerabilities have been patched and are not as easy to exploit. This pushed hackers to combine phishing and ransomware into a perfect attack vector where hackers get a backdoor into organizations because people click on links from sources they think they trust.
Protect your users from phishing attacks
Organizations looking to protect themselves against these new tactics used to spread ransomware should first focus on protecting their credentials and access. This requires a two-pronged approach: first invest in detection and response tools and then focus on training your users.
Your email protection technology should focus not only on the detection of malicious payloads delivered through links or attachments, but also recognize when attacks use social engineering tactics designed to bypass filtering technology and trick users into action. It should look for malicious intent within an email, even when it does not include a malicious payload. Email security that uses machine learning algorithms can detect social engineering attacks with a higher degree of accuracy, looking for the smallest deviations from usual communication patterns.
Protecting your users’ credentials can’t be done without proper protection against account takeover. Two-factor authentication (2FA) remains a best practice and is something that should be adopted by every organization today. However, it’s not a silver bullet, and it’s not always enough. Hackers find ways to get around 2FA either by tricking users into installing malware on their verification devices or by getting them to grant fake apps access to their accounts. Organizations need to have account takeover protection in place that will quickly identify and alert on malicious activity such as suspicious log-ins or attacks launched from compromised accounts.
As the last line of defense, it’s crucial to train your employees to recognize and report attacks. Make security awareness training and phishing simulation part of your email security strategy. Historically, phishing attacks were associated with email only, but today cybercriminals will use other channels such as SMS and voice. Use phishing simulation for emails, voicemail, and SMS to train users to identify cyberattacks, test the effectiveness of your training, and evaluate the users most vulnerable to attacks.
How Barracuda can help
Barracuda Total Email Protection provides the most comprehensive protection against all 13 email threat types, from spam and ransomware to socially engineered threats such as spear phishing, business email compromise, and account takeover.
Our solution combines email gateway defenses with AI-based detection and security awareness training to prevent attacks that would otherwise get through. We also provide you with technologies to proactively identify threats that may have bypassed your defenses. Automated remediation and incident response simplify the response to post-delivery attacks, letting you quickly identify and remove all malicious or unwanted messages directly from users’ inboxes.
You can start today by scanning your email environment to find threats that might already be inside your users’ inboxes. Barracuda Email Threat Scanner is a free tool that will help identify phishing attacks missed by your current email protection. Get started here.