Ransomware: How to provide a valuable layer of protection to email

30 May 2022

As we discussed in our blog exploring Remote Desktop Protocol, ransomware is on the rise, and has been exacerbated by the current work-from-home trend. While the bad guys use many attack vectors to attempt to infiltrate your systems and plant ransomware, the most popular – by far – remains email.

Read more articles from the series:

PART 1: Ransomware: What SMBs should know 

PART 2: Ransomware: The many dangers of Remote Desktop Protocol

PART 4: Ransomware: The need to protect your supply chain

PART 5: Ransomware: A game of cat and mouse

PART 6: Ransomware: How to protect your company against attacks


Criminals either use compromised links or infected email attachments to deliver downloaders that install malware on the recipient’s machine, or to establish a foothold on the corporate network.


This initial stage of a compromise can remain undetected for years before maturing into a full-blown ransomware attack. At this stage, it will look to steal valuable data and encrypt files, prior to making a ransom demand that can run into the millions of dollars.


It is important that everyone in your organization understands ransomware. Encourage staff to report suspicious messages and attachments as soon as they see them. Early warnings can help the organization fine-tune its spam and content filters and bolster its defenses.


Don’t become an easy target

Cybercriminals are cunning. They are constantly coming up with new and innovative ways to fool corporate networks and the staff who use them. It’s not just junior staff who are targeted using social engineering tactics, though.


In 2017, a managing director at a four-star hotel in Austria’s Alps got a ransomware email that was disguised as a bill from Telekom Austria. After clicking on a link within the email, the hotel’s electronic doors became unusable, and staff were unable to issue new card keys to guests. Those behind the attack demanded a ransom be paid. However, there was a further sting in the tail. After dutifully paying the ransom, the hotel was hacked three more times. This proves that by paying the ransom, organizations can also make themselves easy targets in the future.


Paying ransom is never a good idea. There is no guarantee the company´s data will be restored.  As in the example above, once attackers mark your company as an easy target, it is very difficult to dig yourself out of that hole.


Remember, prevention is always better than dealing with the consequences.


Playing in the sandbox

Remember the threat landscape is not static. Cybercriminals are always looking to remain one step ahead. Businesses can mitigate the risk of so-called “zero-day” threats being used to implant ransomware by using a sandbox. A sandbox provides a powerful, isolated test environment in which a suspicious program can be executed and its behavior observed, analyzed and reported before it has the chance to do damage.


The right security solution can automatically decide whether a suspicious or unknown email attachment is benign or malicious by sending it to a cloud-based sandbox for analysis. By doing so in the cloud, there is the added advantage of offloading the processing power needed to detect unknown threats from employee machines so as not to impact their productivity.


Quick. Intelligent. Dynamic.

Email may not be the only attack vector, but it certainly continues to be popular for ransomware attacks. Ensure that you do all you can to provide a valuable additional layer of protection. Remain vigilant and analyze suspicious or unknown email attachments with a sandbox based upon the latest machine learning technology. It’s quick. Its intelligent. It’s dynamic. Above all, it's effective.


Banner referring to ESET Mail Security solution

Read also


It’s high season for phishing – here’s how to spot fraudulent emails before they cause any harm

Your employees have probably already received emails that appear to come from a bank or other popular online service, requesting that they “confirm” their account credentials or credit card number.This is a common phishing technique – if they click on the link in the email, they give access to hackers and their malicious intentions. Unfortunately, phishing lures are constantly changing – and they’re sometimes hard to recognize.


Cyber blackmail and sextortion scams: What employees need to know

Blackmail is a common practice among cybercriminals. Although most of the threats are usually fake, many employees lack enough knowledge and are easily taken in. Therefore, it’s crucial to constantly raise awareness and talk about online scams – including sextortion.

Phishing Simulation_cover photo

How to Train Employees Using Phishing Simulation

Avoiding phishing attacks requires vigilance and the ability to recognize attacks – across your whole organization. So, how do you train your employees to spot them before it's too late? If your employees have already completed some form of cybersecurity training, try simulating a phishing attack – and give them a chance to choose the right solution.

social engineering how not to fall victim article

How Not to Fall Victim to Social Engineering

Humans are emotional beings, and social engineering is a very effective way to take advantage of that. What’s more, social engineering attacks such as phishing or spreading malicious links don’t usually require highly specific technical skills on the side of the attacker. Forcing thousands of users to give up sensitive information or perform harmful actions has so far proven to be rather easy! Don’t be fooled – even when your business is small, you might still become a target.

Ransomware series part2_cover

Ransomware: The many dangers of Remote Desktop Protocol

In the first part of this series, we gave a basic overview of ransomware and how it works. Now, we are delving deeper into the specific ways in which ransomware operators infiltrate your systems, starting with Remote Desktop Protocol.

Ransomware series part5_cover

Ransomware: A game of cat and mouse

In previous blogs we focused on how cybercriminals utilize vulnerabilities in Remote Desktop Protocol (RDP), email and supply chains to drop ransomware onto an organization’s systems. Although these are popular methods, they are by no means the only techniques used by those with malicious intent.

Ransomware series part6_cover

Ransomware: How to protect your company against attacks

Ransomware is one of the most potent threats to modern business, targeting organizations both large and small. To conclude our series exploring the various techniques used by cybercriminals to drop ransomware on corporate networks, we'll explore what organizations can do to ensure they can mitigate the risk.

Ransomware series part1_cover

Ransomware: What SMBs should know

Ransomware is one of the biggest threats to businesses today, and with new attacks hitting the news on a daily basis, the risk can seem overwhelming. But what actually is ransomware, and how can businesses protect themselves? In this series, we will take an in-depth look at ransomware, highlighting specific methods of attack such as email compromise, vulnerabilities and the Remote Desktop Protocol, delving into supply chain attacks, and giving advice on how businesses can mitigate the risk .

Ransomware series part4_cover

Ransomware: The need to protect the weakest link, your supply chain

So far in our ransomware series, we have looked at the basics of ransomware, Remote Desktop Protocol and email compromises. In this blog, we take a look at how businesses can be attacked through their supply chains.