Ransomware data encryption
Hackers who specialize in corporate email attacks often use phishing email addresses that look identical to corporate email domains to send emails carrying malicious data encryption software (ransomware) to users in the company.
Their trick is to compress the malicious code into a .zip or .rar archive containing executable files, which automatically run a command to encrypt data on the victim’s computer; the attackers then blackmail the victim.
Where does business email get infected with ransomware?
Ransomware can infect the victim’s computer from many sources:
- Apps that are cracked or free on the internet often have malicious code inside.
- Scam schemes based on a variety of social techniques.
- Business email, which was found to have the highest rate of ransomware infections.
Data-encrypting ransomware now infects victims more quickly and easily than ever before:
“An architect of a construction architecture business in Hanoi receives emails from abroad. He opened the email, clicked on the link and all computers of this business were encrypted, all drawings of the business were affected for 3 years, causing serious damage.”
Many businesses turn to smarter email security solutions only when they find their current email security solution vulnerable and ineffective.
What are the consequences of an email ransomware attack?
In general, the purpose of email ransomware attacks is mainly to collect a ransom. Famous email ransomware attacks are: WannaCry, GandCrab, Bad Rabbit, NotPetya.
According to researchers, WannaCry’s email ransomware was a large-scale attack. It hit many hospitals in England and Scotland (NHS). An estimated 70,000 devices, including computers, MRI scanners, and tools, were infected. Globally, more than 250,000 computers were infected with this encryption malware.
Many businesses in Europe and the US were heavily affected by WannaCry ransomware attacks, including FedEx, Deutsche Bahn, and LATAM Airlines.
In Vietnam, email attacks with ransomware encryption are not new. Businesses have turned to professional email security service providers, hoping to fully protect the organization’s email system.
Ransomware can spread to other computers via the LAN (local area network), damaging data and hurting the business financially. After enterprise data is encrypted, system recovery takes a long time: the infected computer has to be processed and the other computers on the corporate LAN have to be monitored.
Tips to avoid attacks from mail ransomware
Hackers use email domain names identical to the email of the owner, making it difficult for users to detect fake emails. To prevent corporate email attacks with Ransomware malware, we recommend the following simple methods:
Step 1: Do not click on emails from unfamiliar addresses, and pay attention to attachments and hidden URLs sent to users’ mailboxes, including those from internal senders.
Step 2: Verify important transactions requested by email through another means of communication.
Step 3: Backup important data.
Step 4: Use an intelligent mail filtering firewall with AI technology and Machine Learning.
Step 5: Do not open an email containing file extensions such as:
- JAR: They can take advantage of Java runtime insecurity.
- BAT: Contains a list of the commands that run in MS-DOS.
- PSC1: A PowerShell script with commands.
- VB and VBS: A Visual Basic script with embedded code.
- MSI: A Windows installer package.
- CMD: Same as a BAT file.
- REG: Windows registry file.
- WSF: Windows Script File allows mixed scripting languages.
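The extension list above combined with the archive trick described at the top of the article, as an added example (not from the original page or from any product it mentions): a Python check that walks a message's attachments and looks inside .zip files for the listed extensions. The function names, the depth and size limits, and the sample message are assumptions made for this illustration.

```python
import io, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions listed in Step 5 of the article.
BLOCKED = {".jar", ".bat", ".psc1", ".vb", ".vbs", ".msi", ".cmd", ".reg", ".wsf"}
MAX_DEPTH, MAX_SIZE = 2, 10_000_000  # assumed limits for nested/oversized archives

def ext_of(name):
    name = name.lower().rstrip(". ")  # Windows ignores trailing dots and spaces
    return name[name.rfind("."):] if "." in name else ""

def scan_zip(data, label, depth=1):  # inspects in memory, writes nothing to disk
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [f"{label}: unreadable archive"]
    findings = []
    for info in zf.infolist():
        path, encrypted = f"{label}!{info.filename}", bool(info.flag_bits & 0x1)
        if encrypted:  # content cannot be inspected, but the name still can
            findings.append(f"{path}: encrypted member")
        if ext_of(info.filename) in BLOCKED:
            findings.append(f"{path}: blocked extension")
        elif ext_of(info.filename) == ".zip":
            if encrypted or depth >= MAX_DEPTH or info.file_size > MAX_SIZE:
                findings.append(f"{path}: nested archive not inspected")
            else:
                findings.extend(scan_zip(zf.read(info), path, depth + 1))
    return findings

def scan_message(raw):  # raw: bytes of an RFC 5322 message
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if ext_of(name) in BLOCKED:
            findings.append(f"{name}: blocked extension")
        elif ext_of(name) == ".zip":
            findings.extend(scan_zip(part.get_payload(decode=True), name))
    return findings

def build_sample():  # constructed sample: zip hiding a double-extension script
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf.vbs", "' placeholder text, not a real script")
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

A gateway would quarantine any message for which `scan_message` returns findings; .rar archives need a third-party unpacker and are not covered here.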
You can use some of the email filters we recommend below, as today’s ransomware emails are included in the blacklists of these filters:
- zen.spamhaus.org
- bl.spamcop.net
- psbl.surriel.com
- escalations.dnsbl.sorbs.net
- rbl.realtimeblacklist.com
- dnsbl.dronebl.org
- ix.dnsbl.manitu.net
- b.barracudacentral.org
- truncate.gbudb.net
- bl.blocklist.de
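The entries above are DNS blacklist (DNSBL) zones. As an added example (not from the original page), this Python code shows how a mail server queries such a zone for a connecting IPv4 address and how to read the answer, including the case where the list returns an error code instead of a listing. The function names and the constructed answers are assumptions made for this illustration.

```python
import ipaddress
import socket

# Three of the zones from the list above; the others are queried the same way.
ZONES = ["zen.spamhaus.org", "bl.spamcop.net", "b.barracudacentral.org"]

def dnsbl_name(ip, zone):
    """Query name for an IPv4 address: octets reversed, then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("IPv4 only in this example")
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def classify(answer):
    """Map a DNSBL A-record answer (or None for no record) to a verdict."""
    if answer is None:
        return "not listed"
    if answer.startswith("127.255.255."):
        # Spamhaus error range (for example, queries sent through a public
        # resolver). Applying it to the other zones is an assumption.
        return "error"
    return "listed" if answer.startswith("127.") else "error"

def system_resolver(name):
    # gaierror also covers timeouts and SERVFAIL, so this lookup fails open.
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def check_ip(ip, zones=ZONES, resolve=system_resolver):
    """Return {zone: verdict} for the connecting IP of an inbound message."""
    return {zone: classify(resolve(dnsbl_name(ip, zone))) for zone in zones}

# Constructed answers for 192.0.2.10 (a documentation address), used offline.
CONSTRUCTED = {
    "10.2.0.192.zen.spamhaus.org": "127.255.255.254",
    "10.2.0.192.bl.spamcop.net": "127.0.0.2",
}

def constructed_resolver(name):
    return CONSTRUCTED.get(name)
```

Counting an "error" answer as a listing would reject legitimate mail, so only "listed" verdicts should feed a block decision.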
Step 6: Use a mail gateway with powerful and flexible filters like VNETWORK’s SECU ECloud to prevent any email attacks.
How does the SECU ECloud mail gateway protect mail servers from ransomware?
SECU ECloud filters 3 layers of mail with Spam GUARD, Receive GUARD and Send GUARD
SECU ECloud secures both incoming and outgoing emails with a system of 3 smart filters: Spam GUARD, Receive GUARD and Send GUARD.
Before being delivered to the user, email goes through the Spam GUARD and Receive GUARD filters, which filter out spam mail and virus mail so that only clean mail is sent to the end-user.
Spam GUARD integrates SPF, DKIM, … email filters and aggregates mail blacklists such as:
- zen.spamhaus.org
- bl.spamcop.net
- psbl.surriel.com
- escalations.dnsbl.sorbs.net
- rbl.realtimeblacklist.com
- dnsbl.dronebl.org
- ix.dnsbl.manitu.net
- b.barracudacentral.org
- truncate.gbudb.net
- bl.blocklist.de
Receive GUARD filters mail viruses, ransomware, dangerous URLs, and phishing, helping protect businesses from dangerous attacks such as spear-phishing, ransomware, and malware, including zero-day attacks, with artificial intelligence (AI), machine learning, and unique features that completely prevent email attacks.
Send GUARD controls the flow of outgoing email, filters email viruses, and malware, and increases the quality score of the organization’s mail server.
SECU ECloud integrates AI technology to help scan for malware, block dangerous links and phishing emails (fake email), and support filtering of virus mail, ransomware, and targeted email attacks.
For questions and support regarding email security, please call HL: (028) 7306 8789