Stopping Ransomware Attacks Via Email Authentication

Think your company’s well-protected from ransomware attacks? Think again. Cybercriminals use these attacks to find and exploit security vulnerabilities, damage reputations, steal valuable information and critical data. And they’ve been around for decades.

One of the first major viruses hit in 1989 with the AIDS trojan — PC Cyborg Virus. Cybercriminals delivered it via floppy disk, demanding victims send $18 to a Panamanian PO box. By 2010 and the arrival of Bitcoin and other cryptocurrencies, cybercriminals upped their game.

Monetizing ransomware has increased stakes significantly. Data’s grown to zettabytes and yottabytes. And cybercriminals are using evolving tech for their own nefarious purposes. Damages from cyberattacks can range from thousands to millions of dollars. Targets include healthcare facilities, entire cities, educational institutions, government entities, individuals, and others.

According to The State of Ransomware in the US Report, the average ransomware attack now costs over $8 million and takes nearly 300 days to recover from. Just as technology has driven innovation and discovery, it’s also made it all too easy for cybercriminals to automate their attacks and hack into companies of any size. Hackers use the technology specifically designed to stop them to develop devious counterattacks.

Using emails to send ransomware is an easy approach. It takes little effort to launch, doesn’t really cost much, and enables hackers to use a whole range of misdirection and tricks to lock down data or computers—or infiltrate and infect entire networks. It’s all too easy to fool employees into opening what looks like an authentic email and clicking a link or downloading an attachment. It’s these links that hide ransomware, granting hackers easy access to even the most sensitive—and theoretically protected—systems.

Phishing Attacks by the Numbers

According to a recent Expert Insights article that compiled global phishing statistics, 96% of all social engineering attacks—including ransomware—come from email. Sourced from a range of third-party surveys and reports, the research suggests companies must increase their diligence when it comes to email—even organizations with robust security measures in place.

Protecting Email from Unauthorized Use

An APWG study found the biggest phishing attacks (almost 35%) target webmail and software-as-a-service (SaaS) users. The number of BEC attacks sent from free webmail providers like Gmail increased 11 percentage points to a staggering 72% last year.

So how can companies combat these attacks, which not only result in stolen company or customer data but can lead to reputational and long-term financial damage? Email authentication.

DKIM and SPF email authentication protocols have existed for quite some time; however, they don’t have a feedback mechanism or publicly stated policy. And you can’t tell if they’re working or not, nor do recipients receive guidance on what they should do with the results.

Enter Domain-based Message Authentication, Reporting and Conformance (DMARC). This protocol was specifically designed to help protect companies from the high percentage of phishing attacks coming from fake senders.

Originally released in 2012, the DMARC standard has seen an increase in the number of domains with published DMARC records to nearly one million—70% growth over 2019 and 180% growth from 2018.

This security solution enables email domain owners to protect those domains from unauthorized use. No longer can a hacker “conscript” another company or brand logo or name for criminal purposes like email scams/phishing or BEC attacks.

How does it work?

Quite simply, DMARC and its records were designed to prevent spammers from hitching a free ride on a protected domain and to increase email delivery from authorized senders. DMARC, via authentication, grants senders permission to send specific emails. It returns global control and ability to the companies to own and assign trust (and filter) specific email addresses. Ultimately, DMARC increases email deliverability while preventing spammers from using an email address for phishing or sending ransomware.

DMARC—a collaboration of rules determining whether an email message should continue its journey to the user inbox—uses SPF and DKIM to help with the inbox filtering. While the email admin determines the specific rules, DMARC also uses DNS records to identify whether an email server has been registered and authorized to send email on an organization or company’s behalf.

SPF is the DNS TXT record verifying authorized servers may send the email, and when that email arrives in the recipient’s email server and DMARC rules have been enabled, the server looks for the SPF record.

DKIM takes it a step further, still requiring a TXT record but also implementing asymmetric public-private key cryptography. The sending domain signs each message with its private key, and the matching public key is published in DNS. With DMARC, the recipient’s email server uses the domain’s published public key to verify that signature.

Inbound servers verify the DKIM signature using the published public key and compare the result against a freshly computed hash of the message. A match confirms that no one has altered the message, validates the sender’s identity and verifies the message didn’t originate from a fraudulent sender address.

A Proactive Approach to Defending Against Cyberattacks

DMARC is a complex but valuable cybersecurity tool empowering companies to defend themselves from phishing attacks and malicious email content. As cybercriminals continue to automate their attacks, taking aim at broader targets of all sizes, even smaller companies who’d previously flown under the radar won’t have that option.

Authentication specifies who can do what with a company’s domain and emails, bringing order and clarity organization-wide. DMARC adds a cost-effective, efficient layer to validate email authenticity. When strategized and correctly implemented—and with billions of inboxes globally accepting the DMARC standard—organizations can protect themselves from phishing and ransomware attacks. In fact, Forrester estimates a typical, large enterprise can save $2.4 million per year with a DMARC policy at enforcement.

No industry is safe from cyberattack. If your company needs to shore up its email defenses, consider talking to one of the members at CREA United. Chris Dutra of Anatomy_IT, Del McLennon of Safari Solutions, Inc., Mike Smith of Axis Insurance Services LLC, Jack Ishak of All Point Insurance Agency, Steve Edelstein of USI, and Lou Marucci of SB One Insurance Agency are some of CREA’s members with deep experience advising on technology solutions including cybersecurity risk mitigation within the enterprise marketplace.
