Spear Phishing and Ransomware: A Toxic Match Made in Hacker Heaven
Adrien Gendre
September 28, 2016
In a Ransomware attack, a hacker installs malware on your device that either encrypts your data or locks you out. In large-scale attacks, whole corporate networks and data repositories can be held for ransom. The attacker extorts money from the victim in exchange for unlocking their data or device. Ransomware is a serious, growing security threat. The US Justice Department reports about 4,000 attacks per day in 2016, up 300% from 2015. This article looks at ways of mitigating spear phishing, the email attack that frequently carries the Ransomware code onto the user’s device.
Ransomware: A Profitable Hacking Business
The basic concept of Ransomware is pretty easy to grasp. What many people don’t understand, though, is that Ransomware is essentially a franchised hacking business. According to Symantec, the average Ransomware demand is $679. The average Ransomware hacker can earn about $90,000 a year from this crime. Coding skills are not even required. Aspiring Ransomware attackers can get free kits online, as reported by McAfee Labs.
Many consumers and every kind of organization are getting hit with Ransomware. 43% of victims are in business and the public sector. The United States is the most affected country, with 31% of attacks. The other most frequently targeted countries are Italy, Japan, the Netherlands, Germany, the UK, Canada, Belgium, India and Australia. The education sector is targeted most often. Finance is targeted the least. Healthcare attacks are the most high profile. The disparity reflects the reality that educational and healthcare organizations typically have weaker security profiles than finance companies, according to TechRepublic.
The Relationship Between Spear Phishing and Ransomware
Spear phishing is separate and distinct from Ransomware, but the two attacks enjoy a strong synergy.
Spear phishing is THE prime delivery vehicle for malicious Ransomware code.
Spear phishing is a variant on phishing, a hacking technique that involves tricking email recipients into clicking on malware-containing links or downloading malware files. Spear phishing uses impersonation to make the phishing emails harder to detect. Spear phishing emails might appear to come from coworkers or friends.
According to CSO Magazine, 93% of phishing emails contained Ransomware in March of 2016!
That’s a big number… That is up from 56% in December and less than 10% during 2015.
Why Is Spear Phishing So Popular With Ransomware Attackers?
Well, the evidence shows that it works. Research shows that 30% of phishing emails are opened by campaign targets. Of those opened, 12% get clicks on the attachments.
It’s not that the recipient is stupid. People are just overwhelmed with work and distracted enough to miss a well-crafted spear phishing email or sometimes even one that isn’t all that well-crafted. For instance, let’s say you work with someone named Jim. A hacker looking at your LinkedIn profile can see that you work with Jim, so he poses as Jim by mimicking Jim’s Gmail address.
If you were super busy, would you notice that an email came from jim.231@gmail.com versus from Jim_231@gmail.com?
The data suggests many people can’t spot the fake address and think they are getting a note from a friend. A good spear phishing hacker will build a rapport with the victim with “conversational emails” before sending the malicious payload: the actual Ransomware code.
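A defender-side check for the lookalike sender described above, as an added example that is not part of the original article or of any vendor's product. It assumes Jim_231@gmail.com is the genuine contact (the article does not say which of the two is real); the address book, function names, threshold and sample headers are constructed for illustration.

```python
import difflib
from email.utils import parseaddr

# Constructed address book: addresses the recipient already corresponds with.
# Assumption: jim_231@gmail.com is the genuine one.
KNOWN_CONTACTS = {"jim_231@gmail.com": "Jim"}

def skeleton(address):
    """Lowercase the address and drop separators that are easy to overlook."""
    local, _, domain = address.lower().partition("@")
    for ch in "._-+":
        local = local.replace(ch, "")
    return f"{local}@{domain}"

def classify_sender(from_header, contacts=KNOWN_CONTACTS, threshold=0.85):
    """Return (verdict, impersonated_address) for a raw From header.

    verdict is 'known', 'lookalike' or 'unknown'.
    """
    display, address = parseaddr(from_header)
    address = address.lower()
    if address in contacts:
        return "known", address
    for known_addr, known_name in contacts.items():
        # Same skeleton: only case or separators differ (jim.231 vs jim_231).
        if skeleton(address) == skeleton(known_addr):
            return "lookalike", known_addr
        # Near miss: a character added, dropped or swapped.
        ratio = difflib.SequenceMatcher(None, address, known_addr).ratio()
        if ratio >= threshold:
            return "lookalike", known_addr
        # Trusted display name riding on an address never seen before.
        if display and display.strip().lower() == known_name.lower():
            return "lookalike", known_addr
    return "unknown", None

# Constructed sample From headers.
SAMPLES = [
    "Jim <Jim_231@gmail.com>",
    "Jim <jim.231@gmail.com>",
    "Jim <billing@example.net>",
    "Newsletter <news@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", classify_sender(header))
```

A "lookalike" verdict is a reason to tag or quarantine the message for review, since the sender is imitating someone the recipient trusts even when the body contains no attachment or URL.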
Mitigating the Spear Phishing-Borne Ransomware Risk
It’s clear that keeping spear phishing emails out of your organization will help you reduce the risk of suffering from a Ransomware attack.
The problem is that standard email filters can’t detect spear phishing attacks. Spam filters look for known malware signatures. They’re configured to spot suspicious key phrases. A spear phishing email that bears a personalized business message like, “Joe - Please review this PDF. Thanks! Jim” might easily escape the notice of an email filter.
It takes new tools to protect against spear phishing and the Ransomware that it carries. Vade offers a solution. With heuristic analysis, Vade can identify suspected spear phishing emails that carry Ransomware. Vade can even spot zero-day attacks because it isn’t looking for a specific signature. Rather, the software has been trained to detect likely phishing emails based on an analysis of hundreds of millions of emails over more than a decade and. Vade compares the style and technical indicators of the claimed sender of any given email with known information about the actual sender and is able to spot spear phishing emails even when the hackers don’t try to send an attachment or malicious URL.
Vade is able to protect corporate data assets from Ransomware arriving through spear phishing attacks.
Give us a call at 415-745-3630 if you want to discuss how you can quickly add anti-phishing measures to your current email setup and prevent spear phishing and Ransomware attacks.