Malware, Ransomware and Everything In Between: What Happens When You Click on the Malicious Files in Your Inbox

November 2, 2020

In 2021, it is forecast that one organization will experience a ransomware attack every 11 seconds. The plethora of security vulnerabilities within enterprises’ networks, coupled with the ease of luring employees into engaging with spear phishing emails, is a primary reason why ransomware attacks have rapidly increased. One recent attack against a food and drink manufacturer led security experts to conduct a thorough examination of the manufacturer’s network and analyze why the attack was so successful. The analysis emphasized that going forward, without proper solutions and policies in place, organizations will be unable to thwart malicious activity in the initial stages. As a result, they will ultimately fall victim to the devastating consequences associated with ransomware.

A Look Inside The Stages of a Recent File-Borne Ransomware Attack

There are various ways threat actors can begin a ransomware campaign. All too frequently it begins with file-borne threats targeting corporate inboxes. In the scenario mentioned above, an employee downloaded a malicious Microsoft Word document disguised as an invoice. The document contained malicious code that executed a PowerShell command and ultimately delivered an Emotet payload. Emotet has the ability to hijack contact lists and send the malware on to colleagues, clients and connections. This has made Emotet extremely effective at spreading and at gaining additional footholds in corporate networks and systems.
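A detection-side illustration of the first stage described above (a Word document launching PowerShell), added here as an example and not taken from the incident or from any vendor's product: it flags process-creation events where an Office application starts a script host. Decoding a `-EncodedCommand` argument for triage goes beyond what the article states; the events are constructed, the field names are assumed to follow Sysmon Event ID 1, and the host and function names are hypothetical.

```python
import base64
import binascii
import ntpath
import re

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "mshta.exe"}
FLAG_ARG = re.compile(r"[-/](\w+)\s+([A-Za-z0-9+/=]{8,})")

def decode_encoded_command(cmdline):
    """Return the script behind -EncodedCommand (base64 of UTF-16LE), or None."""
    for flag, blob in FLAG_ARG.findall(cmdline):
        flag = flag.lower()
        # PowerShell accepts -ec and any prefix of -EncodedCommand (-e, -enc, ...).
        if flag == "ec" or "encodedcommand".startswith(flag):
            try:
                return base64.b64decode(blob, validate=True).decode("utf-16-le")
            except (binascii.Error, UnicodeDecodeError):
                return None
    return None

def triage(events):
    """Flag process-creation events where an Office app starts a script host."""
    findings = []
    for ev in events:
        parent = ntpath.basename(ev["ParentImage"]).lower()
        child = ntpath.basename(ev["Image"]).lower()
        if parent in OFFICE_PARENTS and child in SCRIPT_HOSTS:
            findings.append({"host": ev["Computer"], "parent": parent, "child": child,
                             "decoded": decode_encoded_command(ev["CommandLine"])})
    return findings

# Constructed sample events (assumed Sysmon Event ID 1 field names); not from a real incident.
_BLOB = base64.b64encode("Write-Output 'constructed sample'".encode("utf-16-le")).decode()
SAMPLE_EVENTS = [
    {"Computer": "WS-014", "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": f"powershell.exe -NoProfile -WindowStyle Hidden -enc {_BLOB}"},
    {"Computer": "WS-022", "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -File C:\\Scripts\\inventory.ps1"},
    {"Computer": "WS-031", "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\splwow64.exe", "CommandLine": "splwow64.exe 8192"},
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

Only the first sample event is flagged: the second is PowerShell started from Explorer, and the third is Word starting a printing helper rather than a script host.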

Once Emotet had been delivered, the TrickBot malware was used to harvest employee credentials. This allows threat actors to log in to corporate accounts and cloud services to access sensitive data, especially information containing banking or credit card details. In this same scenario, threat actors were able to gain access to over half of the food and drink manufacturer’s network, specifically targeting applications hosting ordering and billing information. TrickBot is notorious for redefining its capabilities and increasing its level of sophistication to evade detection solutions, including traditional email security, strong password policies, and endpoint detection software, and to further infiltrate corporate systems.

Lastly, threat actors delivered the Ryuk ransomware. Ryuk targets enterprise and government networks and has been successful in receiving payments totaling millions of U.S. dollars. Once a network is infected, administrators are notified that it has been penetrated and that all files within compromised systems have been encrypted. The organization is then instructed to make a payment, typically via Bitcoin, in order to have its information decrypted.

Votiro Stops Malware to Safeguard Against Ransomware Attacks

Recently, threat experts have found the majority of ransomware attacks to be rooted in email, with phishing emerging as the most popular attack vector. It’s time for organizations to implement solutions that have the ability to prevent malware embedded in malicious code from infiltrating inboxes. Votiro’s Secure File Gateway product line is the only file security solution that ensures all files that enter your organization are completely safe, from whatever channel they enter. 

Votiro’s Positive Selection Technology singles out only the safe elements of each file, ensuring every file that enters your organization is safe. Votiro understands and protects all file types, from .ppt, docs, pdfs and image files all the way to more complex formats like Autodesk files. Plus, even the most obscure, evasive, zero-day threats that no NGAV or sandbox can possibly detect are rendered powerless by Votiro. This is because Votiro goes beyond blocking discovered threats: it keeps threats from entering in the first place.
