{"id":6308,"date":"2020-05-28T21:00:49","date_gmt":"2020-05-28T20:00:49","guid":{"rendered":"https:\/\/www.n-able.com\/?p=6308"},"modified":"2021-04-09T21:09:33","modified_gmt":"2021-04-09T20:09:33","slug":"email-security-education-avoiding-ransomware","status":"publish","type":"post","link":"https:\/\/www.n-able.com\/fr\/blog\/email-security-education-avoiding-ransomware","title":{"rendered":"Email Security Education: Avoiding Ransomware"},"content":{"rendered":"

Please note: For privacy reasons, the identity of the hacked accounts in the examples used for this blog have been changed or hidden.<\/em><\/p>\n

In last month\u2019s email security education\u00a0blog<\/a>, we highlighted the impact of COVID-19 on the current threat landscape and how threat actors are taking advantage of users working from home who want to know more about the virus. Though this trend continues to rise, these are not the only campaigns you should be wary of. The SolarWinds\u00ae<\/sup>\u00a0Mail Assure threat intelligence team continues to observe the latest malicious campaigns threat actors use to exploit user vulnerability.<\/p>\n

These attacks include malware, ransomware, spoofing, and display name spoofing. Cybercriminals often use email as a delivery mechanism for malicious cyberattacks like these. All it takes is one click on a malicious link to download ransomware, illicit cryptomining software, or spyware onto an endpoint. An attack could then propagate out to other machines. From there, it could potentially take down the entire network and damage a company\u2019s reputation in the process.<\/p>\n

MSPs are key targets for ransomware attacks as they provide threat actors with a route to access all their clients. In fact, last year saw\u00a0an MSP pay $150,000<\/a>\u00a0in bitcoin for a\u00a0ransomware recovery<\/a>. In today\u2019s blog, we will look at ransomware attacks on email.<\/p>\n

So, what is ransomware and what does it look like today? \u00a0<\/b><\/h3>\n

Ransomware dates to the 1980s and, although it has evolved in sophistication, the main goal for cybercriminals is still the same: financial gain. Ransomware is a form of malware where threat actors lock a computer, system, or personal files, and then demand a ransom payment to allow the users to gain access to their files. Cybercriminals will often threaten to delete these files or, in the case of bigger companies, publish sensitive information.<\/p>\n

Cybercriminals launch ransomware in several ways, including:<\/p>\n

PHISHING LINKS<\/strong><\/h4>\n

It\u2019s easy enough for cybercriminals to create convincing-looking fake messages with phishing emails. A popular method to launch ransomware involves using malicious links in phishing emails to take the user to a malicious site.<\/p>\n

 <\/p>\n

\"\"<\/p>\n

 <\/p>\n

LINKS IN ATTACHMENTS<\/strong><\/h4>\n

A common phishing scam threat actors use involves including fake attachments in email. The phishing email directs the user to open an attachment to retrieve an invoice for example. The invoice itself includes a malicious link that leads to a phishing page that asks the user to enter the user\u2019s credentials.<\/p>\n

FAKE ATTACHMENTS<\/strong><\/h4>\n

These scams typically use PDF, Word, or Excel attachments that claim to be important. When the user clicks on the attachment it opens a phishing web page. In other cases, clicking on the attachment automatically starts a ransomware download or the victim enables macros in the document that triggers a download.<\/p>\n

 <\/p>\n

\"\"<\/p>\n

 <\/p>\n

While some ransomware is easy for knowledgeable users to reverse, some forms of malware use advanced techniques such as cryptoviral extortion. This type of extortion encrypts a victim\u2019s files and demands a ransom payment to decrypt the files and make them accessible again. When properly implemented by threat actors, recovering files from a cryptoviral extortion attack without the decryption key is a major problem. Today, cybercriminals request payment through cryptocurrencies or credit card payments. This helps cybercriminals maintain a level of anonymity. The blockchain in cryptocurrency uses hashes of public keys instead of individuals\u2019 names to keep track of ownership. Blockchain is basically the name used for a cryptocurrency\u2019s public ledger. The example below shows how the threat actor claims to have hacked a victim\u2019s website. It\u2019s evident this is coming from cybercriminals, what\u2019s not evident is if their claims are true. Industry experts advise the public not to directly act on emails like this one.<\/p>\n

 <\/p>\n

\"\"<\/p>\n

 <\/p>\n

Bitcoin became popular when Cryptolocker appeared in 2013\u2014and has since become a preferred payment method for ransomware operators. The\u00a0FBI states that over $140 million<\/a>\u00a0has been paid to ransomware over the past six years using bitcoin wallets. This shows these campaigns are effective for cybercriminals.<\/p>\n

Some of the top recent ransomware email subject lines include:<\/b><\/p>\n