Mimecast Logo
Obtenir un devis

    What To Do If You Get A Ransomware Email

    Mimecast is proud to serve enterprises with email security services that protect your organization against ransomware attacks.
    Schedule a Demo
    Ransomware Email
    Schedule a Demo
    Key Points

    What you'll learn in this article

    Learn everything there is to know about ransomware emails, what to do if you get a ransomware email and how Mimecast can help you protect your organization from ransomware attacks.

    • Ransomware often enters through phishing emails, so employee awareness, advanced email security, and multi-factor authentication are essential defenses.
    • Regular software updates, strong backup procedures, limited user access, and endpoint protection help reduce vulnerabilities and contain attacks.
    • Segmenting networks, monitoring traffic, and having a tested incident response plan create a layered, resilient defense against ransomware.

    What does a ransomware email look like?

    Ransomware emails can camouflage themselves as legitimate emails better than many expect. You might see an email that appears to come from your organization’s CEO with a hyperlink that claims to be for a gift card purchase, a training course, or even a meeting invitation, but the link is actually malware.

    Among the most obvious signs of ransomware are:

    • Suspicious or unrecognized sender email
    • Obvious grammar or spelling errors
    • Abrupt and/or unusual requests to purchase gift cards
    • Inconsistent company logo or email signature

    Ransomware email examples

    Phishing scams

    A phishing scam tricks victims into clicking on malicious links and/or revealing confidential information, such as a password. Phishing emails typically disguise themselves as coming from someone within the victim’s organization.

    Ryuk

    Ryuk is a type of ransomware that is usually deployed in phishing scams. Once cyberattackers gain access to the target organization’s network, they encrypt important files, demanding a ransom to decrypt the files.

    Learn more about Ryuk.

    Maze

    Maze was one of the first RaaS (Ransomware as a Service) models which even had its own “customer service” page that helped victims of its ransomware attacks figure out how to pay ransom and regain access to their files.

    Maze was commonly deployed via phishing attacks, but there were also many instances where Maze preyed on weak passwords and successfully infiltrated organizations using brute-force attacks.

    Learn more about Maze.

    The evolving threat of email ransomware

    Though ransomware variants like Maze and Ryuk are relatively well-understood, and Maze allegedly shut down in 2020, there are plenty of emerging threats that have been emerging suddenly to extort all kinds of organizations. New ransomware threats are often based on previous ransomware models, and sometimes operated by the same cyber criminal affiliates—often under different names.

    As ransomware continues to evolve, so too does cybersecurity. Mimecast will always be there to help protect your organization protect against ransomware attacks and keep you informed about new potential threats. Enter your email to receive updates on the latest trends in cybersecurity and how you can keep your organization in the loop.

    Advanced Email Security and Collaboration Protection

    Ransomware attacks continue to evolve and pose serious risks to organizations of all sizes. Ensure your organization is ready to defend against these threats with Mimecast’s comprehensive solutions.

    Explore Our Solutions

    Should you pay ransom for ransomware emails?

    No, it is generally advisable to never pay ransom, as this will not guarantee access to your files and could encourage cyberattackers to extort your organization again. In fact, it’s fairly common for organizations who pay ransom to be targeted again by the same cybercriminals.

    Instead, it’s better to partner with law enforcement and cybersecurity experts to help recover your data and bring cybercriminals to justice. Coalitions of cybersecurity experts and law enforcement agencies have taken down many ransomware operations and successfully provided decryption keys.

    How to report ransomware emails

    In many cases, reporting ransomware emails to law enforcement is required by law. If you are in the US, gather as much information as you can and submit your report to the FBI’s Internet Crime Complaint Center (IC3). They will request the following information:

    • Date of Infection
    • Ransomware Variant (identified on the ransom page or by the encrypted file extension)
    • Victim Company Information (industry type, business size, etc.)
    • How the Infection Occurred (link in e-mail, browsing the Internet, etc.)
    • Requested Ransom Amount
    • Actor’s Bitcoin Wallet Address (may be listed on the ransom page)
    • Ransom Amount Paid (if any)
    • Overall Losses Associated with a Ransomware Infection (including the ransom amount)
    • Victim Impact Statement

    If you are a victim of a cybersecurity attack, you can also contact your local FBI field office, or submit a tip online.

    Ransomware email prevention

    Email ransomware is an ever-evolving threat to organizations and businesses of all sizes, but there are ways to protect yourself against becoming the next victim of a ransomware attack.

    Mimecast is proud to serve enterprises with email security services that protect your organization without compromising efficiency of communication or managing data. With cloud-based servers and unique security awareness training, Mimecast makes it possible for your organization to conveniently and safely manage your data while also empowering everyone in your organization to respond appropriately to cyberattacks.

    Try on Mimecast for your organization by getting a customized plan and quote.

    How To Respond To Ransomware FAQs

    If you receive a ransomware email, do not open any attachments or click on any links. Immediately report the email to your IT team and delete it from your inbox. If you suspect your network is already infected, disconnect the affected systems from the internet to prevent further spread and contact your security experts to begin an investigation.

    Recovery depends on the nature of the attack. If you have secure backups, you can restore your files. For certain types of ransomware, decryptors may be available, though they are not guaranteed to work. Mimecast’s cloud-based backup system ensures secure data backups, enabling organizations to restore email, contacts, and calendars.

    After a ransomware attack, securing your network is critical. This includes applying security patches, reviewing network access controls, and implementing stronger cybersecurity protocols. Additionally, ensuring you have robust email protection and training for employees on spotting malicious content is essential in preventing future attacks.

    Related Ransomware Email Resources

    Resources_16.jpg
    Email & Collaboration Threat Protection

    Ransomware: Defending against costly collaboration attacks

    Whitepaper
    Resources_21.jpg
    Email & Collaboration Threat Protection

    Tiong Nam secures users from constant email phishing and business email compromise attacks

    Case Study
    Resources_17.jpg
    Email & Collaboration Threat Protection

    Building Resilience: Email, Messaging, and Collaboration Security in the Human Risk Era

    Webinar
    Haut de la page