Why ransomware spreads via phishing emails

Ransomware is a type of malicious software (aka malware) that prevents users from accessing a device or system by locking screens or encrypting files and data. As its name suggests, the malware asks for a ransom in exchange for the decryption key.

According to a recent study conducted by security company SentinelOne, 39% of UK organisations were hit by ransomware – on average, five times – in the last 12 months. Fear of becoming the next victim is escalating: a Trend Micro report showed that 69% of professionals believed their organisation will be targeted in the next 12 months.

The phishing-ransomware relationship

The SentinelOne study also revealed how ransomware gained access to companies’ systems: 72% of UK organisations identified phishing via email or social networks as a source of ransomware infection. Why do cyber criminals use phishing as a vector for more sophisticated ransomware attacks? Here is a list of possible reasons:

  • Phishing uses social engineering tactics, which manipulate people into performing actions without realising the malicious purpose. The less aware the target is, the more successful the attack is.
  • If cyber criminals have a precise target in mind, the more carefully the email is crafted to look like it comes from a legitimate and trustworthy sender (a colleague, the bank or the government), the more likely the recipient is to take the bait.
  • In the event of a random ransomware attack (with no particular target), social media networks open up the widest audience possible. In these situations, posts about easy wins or too-good-to-be-true bargains are a simple way to lure inattentive or greedy users.
  • In both cases, the invitation to share the post or forward the email to colleagues widens the audience, and hence the number of possible victims.

Understanding phishing can make the difference

Although ransomware and phishing attacks have been around for a few years, they are still relatively unknown or underestimated: 36% of UK office workers “could not confidently define a phishing attack” and 76% don’t know what ransomware is, according to ISACA. All it takes is a little education to reduce the risk of becoming a phishing victim (and, hence, the risk of ransomware is also diminished).

Many companies already have a staff awareness programme to keep their employees sharp and able to detect cyber attacks. If you’re considering following their example, I suggest e-learning staff awareness training courses. Employees can learn anytime and from anywhere, start and stop the course to match their busy schedule and minimise business disruption, with huge advantages for your company in terms of time and cost savings.
