Though the use of email is generally regarded as safe, there eventually will come a time when a malicious email pops up in your inbox. Some disguise themselves as free cruise ship offers or strange App Store alerts but most of the time are easy to spot. However, those malicious emails which you may simply ignore or delete, others might fall for the bait and proceed to follow the instructions and download possible attachment in those emails. Such attachments would most certainly be malicious and ruin the day of the individual when moments after opening the attachment they are greeted with a red screen informing them of a bitcoin payment to get their data back. Unknowingly to them, they have fallen victim to a ransomware attack.
As unlikely as the above situation sounds, such situations are far from uncommon. In the two year span from 2017 to 2019, ransomware phishing emails grew 109% with a new victim every 14 seconds. Cybersecurity and IT experts such as Ron Bush warn that “we’re at war and don’t realize it,” with many Americans not realizing just how much data is being stolen. Even with the ever increasing awareness towards ransomware, many critical sectors like hospitals and police departments remain vulnerable. The frequency of these sectors falling victim to ransomware attacks is increasing with cases such as the November 2019 ransomware attacks that left dozens of hospitals non-operational. Perhaps more has to be done, even with existing solutions such as secure email servers capable of filtering out malicious emails from IT companies such as FireEye. While many security experts see software solutions as the answer to the problem, they are limited to individuals who are willing to pay for the prescription plans or sacrifice some efficiency and easy access that comes with using email.
With the abundance of advanced ransomware prevention solutions such as FireEye’s software available on the market, perhaps there are more intelligent solutions available. These solutions would instead combat ransomware attacks through education and awareness, instead of building a fort around the problem like the software solutions do. IT firms like Sophos follow such an approach and offer a product consisted of hyper realistic training for employees. This product allows for “automated attack simulations” which would allow employees to experience an attack, and thus making them more aware. In such cases, it isn’t necessary the sophisticated software that is needed to filter out possible attacks, but an experience that will put a straightforward message into the person on how to spot malicious emails. Infact, considering that filtering software would only cover the individual in their work environment, the individual could still fall victim when using their personal email accounts.
Considering the severity of ransomware, why haven’t more companies brought this topic up? A simple google search on emails safety reveals thousands of websites with tips on how to prevent yourself from falling victim. Additionally, institutions such as University of Rochester provide very simple and easy to read tips on email safety and detecting malicious emails which could easily reduce the number of incidents involving ransomware. These tips could easily be printed out and placed next to a screen in a hospital or police station which could help a user verify a suspicious email.
As to why ransomware keeps rising even with amount of solutions to prevent it, a lot of it has to do with not knowing the problem. Not many people know about ransomware until they have fallen victims themselves. Such a case is similar to when one falls ill with an infection. That individual would not know much about the effects of the infection beforehand until they have gotten it themselves. As to what could be done beforehand, the best solution solution would be to simulate an infection in order to grasp its effects. Similarly to Sophos solution but free, my solution would allow many people to experience the effects of ransomware. Through this experience, they would be more cautious in trying to prevent ransomware, similarly to trying to avoid a bad infection for the second time. It would be at this point when prevention tips from sites such as University of Rochester are introduced. Ultimately, many people would be able to become informed at the price of an experience instead of the cost of a bitcoin payment later on.
Perhaps, the easiest way to prevent ransomware is to use the same level of caution one uses in their everyday life and apply it to emails. If an offer presented in the email is too good to be true or one is asked to download some attachment for a support ticket that they never wrote, treat it as a threat and avoid it at all costs.
Data Breaches 