The State of Email Security Report
Actionable steps to improve your organization’s email security and cyber resilience.
Detect ransomware with Mimecast
Ransomware is usually initiated when a user clicks on a malicious link or opens a weaponized attachment in an email message. These emails are designed to fool the reader into thinking that the message concerns a legitimate invoice, Word document, package notice or report. Once the user clicks on a link or opens the document, the ransomware virus triggers a binary file that encrypts documents on the hard drive or server, preventing users from accessing their data. To regain access, individuals or organizations must get a password to decrypt the files by paying a ransom to the attackers.
When your organization fails to detect ransomware, results can vary from a minor inconvenience and drop in productivity to a major catastrophe and complete data loss. The headlines are full stories about companies whose email security defenses couldn't detect ransomware effectively, causing damage to reputation and online.
To successfully detect ransomware, you need best-of breed solutions that can recognize ransomware tactics in emails and block users from accessing suspicious links and attachments. But you also need technology that lets you neutralize the impact should an attack be successful. Mimecast provides solutions for both.
Mimecast delivers tools for email security, archiving and continuity in an all-in one, subscription service. Mimecast's cloud-based offerings significantly reduce the cost and minimize the complexity of managing business email and securing it from ransomware and other advanced threats.
To detect ransomware, Mimecast scans all incoming and archived email on every click to identify suspicious URLs and attachments. Mimecast's services protect from ransomware by blocking access to URLs deemed to be malicious, and by sandboxing malicious attachments or transcribing them to a safe format for immediate access by users. Mimecast also provides end-user empowerment features that train users to detect ransomware and other threats in email.
In addition to technology to detect ransomware, Mimecast provides archiving and continuity services that mitigate the impact of a ransomware attack. Mimecast Enterprise Information Archiving is a multipurpose cloud-based archive that retains multiple, encrypted copies of emails and files, providing users with fast access to data even when security measures fail to prevent ransomware attacks.
Additionally, Mimecast Mailbox Continuity provides continuous access to email during an outage caused by a disaster, hardware failure or Cryptolocker or Locky ransomware attack, allowing users to access live and historic email and attachments without a disruption in service.
Learn more about how to detect ransomware Mimecast.
What is ransomware and how does it work?
Ransomware is a form of malware, or malicious software, that blocks users from using the files or data on their computer and demands a ransom to restore access. Ransomware is most often deployed via phishing emails, where users are tricked into clicking a malicious link, opening a dangerous attachment or divulging login information that attackers can use to gain access to a computer system. In other scenarios, attackers exploit vulnerabilities in software and systems to gain unauthorized access. In each instance, attackers are able to download ransomware to a computer, which then prevents individuals from using their data by encrypting files or restricting access to systems. Users typically see a screen with a ransom note and are instructed to pay a fee in crypto currency in order to save the data on their computer.
How to detect ransomware?
To protect an organization and its users against ransomware, it’s critical to employ technology that can detect ransomware as well as solutions to mitigate the effects of a successful attack. Services to detect ransomware include:
Solutions that help to mitigate the effects of a ransomware attack include:
How do security solutions detect ransomware?
Anti-ransomware solutions use a variety of technologies to detect ransomware. Email scanning and filtering services inspect the header and content in all incoming and internal email to look for indicators of a phishing, impersonation or ransomware attack. These may include header anomalies, domain similarity, recency of the sending domain, as well as certain suspect language in the content of emails. These services can also detect ransomware emails by inspecting all emails and blocking access to any URLs or attachments that are deemed to be malicious or suspicious. DNS authentication services seek to detect ransomware email by using SPF, DKIM and DMARC authentication services to determine whether the sender as a legitimate address or a spoofed address.
How to train employees to detect ransomware?
Security awareness training can be highly effective at educating employees to detect ransomware. Human error is one of the leading contributors to successful ransomware attacks, making security awareness training a top priority for organizations seeking to detect ransomware earlier and with greater consistency. Security awareness training can help employees to detect ransomware by looking for specific indicators such as:
What if you can’t detect ransomware?
When an organization or its users fail to detect ransomware and an attack is successful, the results can be devastating. The business can lose access to critical information, and the efforts to respond to ransomware and recover data can disrupt business for days or weeks. Lost business during this time can represent a significant decline in revenues, and loss of reputation can hurt a business even more.