Phight The Phish: What is the Relationship Between Ransomware and Phishing?

October 14, 2021

October is Cybersecurity Awareness Month in the US. Now in its 18th year, this annual effort, spearheaded by the Cybersecurity & Infrastructure Security Agency (CISA), aims to make everyone aware of cyberattack risks. CISA has divided the month into four weekly segments, each dedicated to a different aspect of cybersecurity, with supporting resources available in the Cybersecurity Awareness Month resource center.

Week of October 4 (Week 1): Be Cyber Smart.  

Week of October 11 (Week 2): Phight the Phish!  

Week of October 18 (Week 3): Explore. Experience. Share. – Cybersecurity Career Awareness Week  

Week of October 25 (Week 4): Cybersecurity First  


Excerpted in part from our eBook Cracking the RANSOMWARE Code.


Ransomware & Phishing Go Hand in Hand


Cybercrime is booming, and while that’s good news for the bad guys it’s very bad news for everyone else. Phishing is leading the charge as a profit center for cybercriminals, and with it comes ransomware, among other dangers. Worldwide, cybercrime costs small and medium businesses more than $2.2 million a year. There are several ways that ransomware can enter a company’s IT environment. A hacker or disgruntled employee could deploy it directly. It could be slipped in through a bogus software update. It may even arrive through a third party that has legitimate access to the company’s network and gets hacked itself. But the most likely delivery system for ransomware is a phishing message, and that can be prevented. Learning more about ransomware’s relationship with phishing sheds light on the best ways for a company to reduce the risk of a devastating blow like a ransomware attack that starts with a phish.

5 Phishing Facts to Remember

  • An estimated 94% of ransomware arrives at businesses via email.
  • 48% of infectious attachments that contain malware like ransomware are Office files.
  • 90% of IT pros had clients that suffered ransomware attacks in the past year.
  • 51% of businesses worldwide were negatively impacted by ransomware in 2020.
  • 74% of respondents in a 2021 survey said that their companies had been successfully phished in the last year.
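Because Office attachments carry so much of the malware that arrives by email, the first triage question for any attachment that looks like a Word or Excel document is whether it contains a VBA project. The following Python script is an added example, not code from this post or from Graphus: it builds a sample OOXML container in memory (constructed data, not a real document) and inspects it for the parts that hold macro code, ignoring the file extension, which the attacker controls.

```python
"""Added example (not from the original post or from Graphus): triage an
Office attachment for an embedded VBA project, independent of its extension.
The sample containers are constructed in memory so the script runs offline."""
import io
import zipfile

# OOXML (.docm/.xlsm/.pptm) stores macro code in these parts inside the zip.
VBA_PARTS = ("vbaProject.bin", "vbaData.xml")
# Magic bytes of the legacy OLE2 compound-file format (.doc/.xls/.ppt).
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def has_vba_project(data: bytes) -> bool:
    """Return True if the attachment can carry macros.

    OOXML containers are opened and scanned for a VBA part. Legacy OLE2
    binaries are reported as macro-capable: telling a macro-free .doc from a
    macro-laden one needs an OLE stream parser, so they are treated as
    suspect rather than trusted. Anything else (PDF, plain text, corrupt
    zip) is reported as not carrying VBA.
    """
    if data.startswith(OLE2_MAGIC):
        return True
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.endswith(VBA_PARTS) for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML-shaped zip, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


def triage(filename: str, data: bytes) -> str:
    """Verdict for one attachment. The extension is reported but not trusted:
    a .docm renamed to .doc still opens in Word with its macros intact."""
    macro = has_vba_project(data)
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    verdict = "QUARANTINE" if macro else "allow"
    return f"{filename}: ext={ext or '?'} vba={macro} -> {verdict}"


if __name__ == "__main__":
    # Constructed attachments: the second is a macro document wearing a .docx name.
    for name, blob in [("invoice.docx", build_sample(False)),
                       ("invoice.docx", build_sample(True)),
                       ("report.doc", OLE2_MAGIC + b"\x00" * 8),
                       ("notes.txt", b"plain text attachment, definitely not a zip container")]:
        print(triage(name, blob))
```

The point of the check is that the verdict comes from the container's contents, not from the name the sender chose; a mail gateway rule that only blocks the .docm extension misses the same payload renamed.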



Spear Phishing & Targeted Ransomware 


Just like other phishing messages, ransomware-laden phishing messages range from obviously bogus emails to highly sophisticated messages that imitate a legitimate email from a person or brand almost perfectly. Cybercriminals draw on the abundant information about people and businesses in dark web markets and data dumps to craft compelling messages, using social engineering techniques that entice employees to click their way to disaster. Cloning or spoofing branded messages and government communications is a very popular technique: the attacker copies a real notification’s layout and wording, then sends it from a lookalike domain or with a forged display name so that a quick glance at the From line raises no alarm. Many ransomware outfits also farm that work out to specialists in crafting spear phishing messages. An estimated 65% of active cybercriminal gangs use spear phishing as their favored method of delivery for ransomware.
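A concrete way to catch the cloned or spoofed brand messages described above is to check the From header against a list of brands the organization cares about and against the authentication results recorded by the receiving mail server. The script below is an added example and not code from this post or from Graphus; the brand list, the sender domains and the Authentication-Results header are all constructed for illustration. In production the Authentication-Results header must be the one your own MTA wrote (check its authserv-id), because an attacker can insert a forged copy upstream.

```python
"""Added example (not from the original post or from Graphus): flag brand
spoofing signals in a message's headers. The brand list, sender domains and
Authentication-Results header are constructed for illustration."""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed: brands this organization treats as sensitive -> their real domain.
PROTECTED = {"microsoft": "microsoft.com", "acme payroll": "acmepayroll.example"}

# Digit-for-letter substitutions seen in lookalike domains; dots and hyphens are
# dropped so "micro-soft.com" folds to the same string as "microsoft.com".
_FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "8": "b",
                       ".": None, "-": None})


def fold(domain: str) -> str:
    """Normalize a domain for lookalike comparison (also folds rn->m, vv->w)."""
    return domain.lower().translate(_FOLD).replace("rn", "m").replace("vv", "w")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike(domain: str, legit: str) -> bool:
    """True when domain imitates legit without being it or one of its subdomains."""
    if not domain or domain == legit or domain.endswith("." + legit):
        return False
    brand = legit.split(".")[0]
    return (fold(domain) == fold(legit)
            or fold(brand) in fold(domain)
            or edit_distance(domain, legit) == 1)


def spoof_signals(raw_message: str) -> list[str]:
    """Return human-readable spoofing signals found in one RFC 5322 message."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = addr.rpartition("@")[2].lower()
    signals = []
    for brand, legit in PROTECTED.items():
        claims_brand = brand in display.lower()
        is_brand = from_domain == legit or from_domain.endswith("." + legit)
        if claims_brand and not is_brand:
            signals.append(f"display name claims {brand!r} but sender domain is {from_domain}")
        if is_lookalike(from_domain, legit):
            signals.append(f"sender domain {from_domain} is a lookalike of {legit}")
    # Trust this header only when your own MTA added it; forged copies are trivial.
    auth = msg.get("Authentication-Results", "")
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        if m and m.group(1).lower() == "fail":
            signals.append(f"{mech}=fail in Authentication-Results")
    return signals


# Constructed phishing message: brand in display name, lookalike domain, DMARC fail.
PHISH = """\
Return-Path: <bounce@mail-delivery.example>
Authentication-Results: mx.example; spf=pass smtp.mailfrom=mail-delivery.example; dkim=none; dmarc=fail header.from=micros0ft-support.com
From: "Microsoft Account Team" <security@micros0ft-support.com>
To: finance@example
Subject: Unusual sign-in activity: verify now

Your account will be locked in 24 hours. Open the attached form to confirm.
"""

# Constructed legitimate message for comparison.
LEGIT = """\
Authentication-Results: mx.example; spf=pass; dkim=pass header.d=microsoft.com; dmarc=pass header.from=microsoft.com
From: "Microsoft" <noreply@microsoft.com>
To: finance@example
Subject: Your monthly statement

Nothing to see here.
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(label, spoof_signals(raw) or ["no spoofing signals"])
```

The display-name check is the one that matters most on a phone, where mail clients hide the address entirely; the lookalike check catches the domains that survive a desktop glance; and the DMARC result catches exact-domain forgery that neither visual check can see.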

Targeted ransomware is becoming a larger threat as well. Precisely targeted ransomware, typically delivered through spear phishing, has grown by 767%, and it is tricky to handle. Instead of running generalized campaigns, many ransomware organizations are taking the time to aim their attacks at one particular industry or even one particular organization. Fueled by abundant dark web data that lets them find out vital information about their targets, like a company’s email address roster or password lists obtained in old breaches, savvy cybercriminals put in the work to make their lures as compelling as they can possibly be. This helps them get around some security tools as well as lulling employees into a false sense of security. Targeted ransomware attacks also hold the phishing email itself to a higher standard, making sure it doesn’t contain the spelling or usage errors that security awareness training teaches employees to look for as a hallmark of phishing.




Remote Work Support & Ransomware 


The rapid transition to remote work spawned by the global pandemic has been a goldmine for cybercriminals. TechRepublic reported that more than 40% of remote workers admitted they had made email handling errors that caused cybersecurity incidents during the pandemic lockdowns, and the conditions of remote work made them more likely to make such mistakes. Over 50% of respondents in a remote work cybersecurity survey admitted that they were more error-prone while stressed. More than 55% of workers in an employee error detection survey admitted that they were frequently off-balance when working from home, leading to security blunders, and 40% said they made more mistakes when they were tired or distracted. Millions of newly remote workers, many of whom had not been trained to face remote work cybersecurity hazards, were suddenly isolated and stressed out, making them prime targets for email-based cyberattacks like phishing, ransomware and business email compromise.

That flood of remote workers also led to a flood of emails. An estimated 55% of remote workers use email as their primary form of communication. While chat programs and video conferences are popular ways to keep project teams in touch, email still rules the roost in business. An estimated 306.4 billion emails were sent and received each day in 2020, a jump three times the average annual increase of past years. That figure is expected to keep growing steadily as companies continue to grapple with the ongoing pandemic and virus variants that could make long-term remote work the norm. If email volume continues to trend the way experts expect, it is estimated to exceed 376.4 billion daily messages by 2025. Of course, a deluge of email flowing in and out of businesses every day created a wealth of opportunities for ransomware attacks that bad actors did not let go to waste. Businesses experienced a 64% increase in overall email threat volume.




Types of Ransomware a Phishing Message May Carry 


Ransomware can wreak havoc at companies of any size, and small or medium businesses are in just as much danger as major corporations. Its versatility as a weapon against targets of any size is a big reason why cybercriminals favor this method of attack.  Within that wealth of variety, there is a constant: the ransomware itself generally conforms to one of two essential frameworks.  

Crypto Ransomware 

Crypto ransomware encrypts data such as the files on a computer, making them inaccessible. Cybercriminals then offer to sell the victim the decryption key. This type of ransomware leaves the operating system running; it is the data that is held hostage. In practice, many strains also delete Volume Shadow Copies and any backups they can reach before the ransom note appears, so recovery without paying depends on backups the ransomware could not touch.

Locker Ransomware

Locker ransomware locks the victim out of devices such as computers or machinery, typically by seizing the screen or the login path rather than encrypting files. The cybercriminals will offer to unlock the affected devices upon payment of the ransom. This is the type of ransomware typically used in infrastructure attacks or attacks against manufacturing targets.

Big business only made up 50% of all ransomware attacks between August 2020 and July 2021. 

Ransomware Variations 

Every cybercrime gang has its own secret sauce: its signature variety of ransomware. That’s a strong selling point for big cybercrime organizations when recruiting affiliates, who typically get access to the boss gang’s tooling. But how that ransomware does its dirty work can vary in several ways.

Double Extortion 

Double extortion ransomware is a rising star as cybercriminals double down on their attacks to double their profits by requiring their victims to pay twice, once for each of two ill effects on their IT systems and data. Typically that means one ransom for the decryption key to unlock their systems and a separate fee to stop the gang from publishing or selling the data it copied out of the network before encrypting it. This is the most common variety of ransomware, and all of the major ransomware extortion outfits operating today use this technique. Practitioners of this tactic were responsible for more than 50% of all ransomware attacks in 2020.

Triple Extortion 

Triple extortion ransomware is beginning to gain popularity. Adding one more step to the traditional double extortion dance, triple extortion ransomware not only requires companies to pay the extortionists for two ill effects on their IT environment, such as a decryption key for their machines and a promise to delete the stolen data, but also adds a third payment to avoid further damage, such as a public announcement of the breach that would harm the company’s reputation, or pressure applied directly to its customers and partners. Paying does not guarantee recovery: fewer than 60% of companies that pay the ransom are able to recover any of their stolen data.

Targeted Ransomware 

Targeted ransomware is the new trend, and it is exploding, growing by 767% in 2021. In this style of attack, bad actors don’t craft a generic phishing email designed to appeal to many recipients; instead, they craft a spear phishing email designed to lure in a few very specific targets, often executives or managers with spending power. Sometimes cybercriminals choose targets who can give them privileged credentials, like an IT administrator. By choosing only specific targets within an organization, bad actors increase the likelihood that the message makes it through security filters and doesn’t raise suspicion, even in the target.




Stop Ransomware When You Stop Phishing 


Ransomware is a cybercrime behemoth that isn’t going away anytime soon. Just last year, two in five SMBs around the world faced a ransomware threat. In 2021, the pace of ransomware attacks has grown even more frantic, exemplified in a massive 45% increase in ransomware attacks in April 2021 alone. Although it may be hard to believe, ransomware is an equal opportunity threat and cybercriminals aren’t always on the hunt for the biggest fish in the pond when they plan campaigns. An estimated 50% of ransomware attacks last year were aimed at small businesses. They’re more than happy to strike smaller organizations that have historically weak security yet store large amounts of valuable data like retailers, medical practices or service providers. That’s why it’s essential that every business makes ransomware attack prevention a top IT priority – and stopping ransomware starts with stopping phishing.  


Get Email Security That Catches More Phishing for Less Money


Graphus reliably defends your business from cybersecurity risks like phishing 24/7/365. This powerful automated guardian is easy to set up and gathers its own threat intelligence, eliminating the need for human staffers to add threat reports or tinker with settings. Powered by an AI that never stops learning, Graphus learns your communication patterns to tailor your protection perfectly, defending your business from trouble by putting three strong shields between you and the bad guys – all at an amazing price.

  • TrustGraph uses more than 50 separate data points to analyze incoming messages completely before allowing them to pass into employee inboxes. TrustGraph also learns from each analysis it completes, adding that information to its knowledge base to continually refine your protection and keep learning without human intervention.
  • EmployeeShield adds a bright, noticeable box to messages that could be dangerous, notifying staffers of unexpected communications that may be undesirable and empowering staffers to report that message with one click for administrator inspection.
  • Phish911 enables employees to instantly report any suspicious message that they receive. When an employee reports a problem, the email in question isn’t just removed from that employee’s inbox — it is removed from everyone’s inbox and automatically quarantined for administrator review.

Don’t keep throwing good money after bad to prop up old-fashioned manual security solutions. Discover the benefits of affordable AI-powered smart automation for your business. Schedule a demo of Graphus today.
