Think your organization’s well-protected from a ransomware attack? Think again. Ransomware attacks feel abstract, sent by nameless, faceless cybercriminals to find and exploit security vulnerabilities. These attacks aren’t new. Over 30 years ago, in 1989, cybercriminals released the AIDS trojan — PC Cyborg Virus — via floppy disk. To restore their systems, victims had to send $189 to a PO Box in Panama. Once cryptocurrencies like Bitcoin arrived in 2010, cybercriminals had begun to monetize ransomware even further.
The money at stake has grown dramatically — as technology has evolved and data has grown from bits and bytes to zettabytes and yottabytes — increasing from thousands to millions of dollars in costly damages. Targets can include individuals but also schools, universities, healthcare facilities and even entire cities. One report says in 2019, cybercriminals targeted at least 2,354 U.S. organizations including:
- 113 federal, state and municipal governments and agencies
- 560 healthcare facilities
- 1,681 schools, colleges and universities
If the average ransomware attack costs $8.1 million and requires 287 days to recover, 2020’s 113 attacks on government entities cost $915 million. Attacks have been automated making it all too easy — and cost effective — for cybercriminals to hack into any size company. Sending ransomware via email appeals to hackers because it’s easy to launch and uses a variety of trickery and misdirection to lock down computers and data or infiltrate and infect networks.
Just last spring, for example, DarkSide, an Eastern European-based criminal group, used ransomware to target Colonial Pipeline. It was the largest-known hack on U.S. energy infrastructure — ever. The pipeline shut down its 5,500 miles of pipeline carrying nearly half of the fuel for the East Coast. Panic buying of gas commenced. Prices soared over one weekend. The company paid its attackers nearly $5 million in ransom. And it’s just one in a series of ransomware attacks aimed at the U.S. infrastructure.
Because U.S. infrastructure was built long before online networks existed, it’s vulnerable to attack, even as more and more organizations go digital and more data lives in cyberspace.
One of the most effective ways cybercriminals can execute ransomware attacks? Email. Malicious actors continuously adapt to counteract defenses against their actions, automating their attacks to target organizations of all sizes. Hackers frequently access companies’ systems through phishing attacks: emails sent in an attempt to trick employees into clicking on attachments or links with malicious code (ransomware) or into unwittingly granting access to protected systems to inject the ransomware. Even cybercriminals planning to compromise a system often start with a social engineered email.
Email: handle with care
Malicious computer code — unleashed to block organizations’ access to their own networks and extort ransom — is one of malware’s most common forms. Once they control the network, cybercriminals set a deadline for payment. Should the targeted company refuse, the hackers can publicly share sensitive information, sell data or lock the organization out of its own network.
Given that emails deliver 96% of all social engineering attacks, email authentication provides the best first-line defense against ransomware attacks. Hackers frequently access companies’ systems through phishing attacks: emails sent to trick employees into clicking on attachments or links with malicious code. According to an APWG study, software-as-a-service (SaaS) and webmail users fall into the biggest category of phishing, at 34.7%. Business email compromise (BEC) attacks sent from free webmail providers exploded from 61% to 72%. More than half of those attacks used Gmail.
Stepping up the fight against ransomware
Before Domain-based Message Authentication, Reporting and Conformance (DMARC), only email authentication protocols DKIM and SPF existed. A serious problem with these protocols? They lacked a publicly stated policy and feedback mechanism. No one knew — or could tell — if DKIM or SPF were working or what the recipient could (and should) do with the results.
By implementing DMARC as their email authentication protocol, organizations add another level of protection to help combat the high percentage of phishing attacks originating from a fake sender. Designed to empower email domain owners to protect their own domains from unauthorized use, this critical layer — often missing from more traditional email content filtering via artificial intelligence (AI) or machine learning (ML) — prevents cyber attackers from employing domains for business email compromise attacks, email scams/phishing, and other cyber threats.
DMARC and its records prevent criminals posing as trusted parties to perpetrate phishing or other fraudulent email campaigns. It furthermore prevents spammers from leveraging a company’s hard-won email reputation to hitch a ride — and by doing so, damaging both the brand and the deliverability rates. A lack of authentication creates confusion and opacity about who can send emails. Layering email authentication with AI or ML analysis can authoritatively reject fake senders. Authentication, via DMARC, grants email senders permission to send emails and returns global control to the brands.
Taking a proactive approach to cyber attacks
The world continues to grow even more confusing and complex. As an increasing number of companies outsource more of their systems and more employees work remotely, criminals have also begun automating their attacks. They’ll become more prevalent and strike at an increasingly broad set of targets of all sizes. Smaller companies won’t be able to fly under the radar as they have in the past. Authentication brings order and clarity by specifying who can do what with a company’s domain and emails.
Organizations have many strategies to protect sensitive data. The first step involves educating their employees and raising awareness. Other smart processes include:
- Implementing strict password requirements.
- Backing up data regularly and test those backups to ensure they restore successfully.
- Implementing multifactor authentication (MFA) to reduce or eliminate the possibility of someone stealing log-ins and credentials. Use MFA for each entry point into your organization’s infrastructure, such as a combination of your VPN and your identity provider.
- Inventorying and securing all privileged accounts, giving employees local admin rights only when necessary (not by default).
- Patching devices regularly, prioritizing externally facing devices like VPN. Reduce the time between patching software and operating systems because monthly patch cycles aren’t enough to counteract fast-moving attackers.
The government spends 80% of its annual IT budget on operating and maintaining existing IT systems, leaving little money left over for investing in emerging technologies. This summer, the Biden administration announced plans to increase efforts to disrupt ransomware campaigns. A State Department program will offer awards of up to $10 million for information helping stop and punish cybercriminals targeting vital U.S. infrastructure and holding it for ransom.
The first line of defense against ransomware lies with email authentication. When implemented correctly, DMARC offers one cost effective, efficient layer for determining email’s authenticity. Enforcing email authentication protects a company’s domain against both inbound and global phishing abuse, provides visibility and control over the email services employed by the company and helps protect the brand overall from reputational and financial damage caused by fraud.
Over 850,000 domains publish DMARC records, and its adoption continues growing exponentially. Billions of global inboxes accept the DMARC standard — including all hosted by Google, Microsoft, Yahoo, AOL and other major email services providers. It’s long past time to start prioritizing workforce and tech modernization by incorporating DMARC solutions, email authentication and data encryption to prevent phishing/ransomware attacks.
Author Alexander García-Tobar is the CEO and co-founder of Valimail. He served as CEO at two previous firms and ran global sales teams for three companies that went IPO. Alexander held analyst and executive positions at leading research companies, such as The Boston Consulting Group and Forrester Research, along with Silicon Valley startups, such as ValiCert, Sygate and SyncTV.