Ransomware is making headlines for all the wrong reasons – because it’s succeeding. You’ll have read plenty about the major attacks this year on Kaseya, Colonial Pipeline, and others. However, it would be a mistake to assume it’s only giant organisations and critical infrastructure at risk.

Businesses of any size can be hit by ransomware. Thanks to the rise of ‘Crime-as-a-Service’ and the effectiveness of email phishing, it’s never been easier for new cybercriminals to get in on the action. To protect yourself, you need to understand where these attacks are coming from, and how they’re being delivered into your organisation. 


Crime-as-a-Service 

The internet is an amazing tool for education and sharing ideas. Unfortunately, not everyone uses it in a positive way. There’s never been a better time for an aspiring criminal to dip their toes into the world of cybercrime. Online marketplaces (usually on the dark web) exist where networks of criminal gangs create and sell software, methodologies, and even toolkits for carrying out ransomware and other cyberattacks. 

For example, a prospective hacker can easily buy a list of targets, ransomware software, phishing templates and automation tools. Yes, there would be an initial outlay, but the potential illicit gains from a ransomware attack are huge. And as the Crime-as-a-Service network grows, even more doors will open for both new and existing cybercriminals.

Once they’ve bought the relevant components, they then simply need to set the attack in motion. The key point is that these attackers no longer need advanced hacking or software-building skills to do this. Over 90% of ransomware is delivered by email phishing. Email is free, easy to use, and can be used to launch multiple attacks at once – plus it’s much easier to get an insider to mistakenly download ransomware from a phishing email than it is to externally hack an organisation’s cybersecurity defences.


Killing the kill chain

Once ransomware has struck, the sad truth is it’s often too late to act. You’re left with two bad options: pay the ransom in the hope you receive a decryption key (and without any further blackmail), or face rebuilding your entire IT system from scratch at a cost that’s likely higher than the ransom. Even then, it’s rarely the end of things. Eighty per cent of ransomware victims are targeted again, and in 46% of cases it’s by the same cybercriminals. 

To stem the tide of ransomware, we need to counteract it further up the kill chain. A ‘kill chain’ is the series of events that need to occur for a ransomware attack to be successful. It runs from reconnaissance, to delivery, and all the way through to installation and taking control of an organisation’s systems.

Stopping the delivery of ransomware via email phishing is the key to breaking the kill chain and greatly reducing the chance of a successful attack. Unfortunately, the problem has not been solved effectively to date by traditional solutions. Technology is part of the answer, but efforts need to be focussed on the right area by recognising phishing as an insider threat.  


Why phishing is an insider threat

This may seem counterintuitive, as phishing attacks obviously originate from external bad actors. But if an employee doesn’t actively initiate the download process by opening and clicking on the link or attachment within the phishing email, nothing happens. Once criminals get their phishing email inside an organisation’s defences, they live in hope that an employee picks up the task from there, inadvertently unleashing ransomware into internal systems.

Businesses hope that if a phishing email lands in front of an insider, their cybersecurity training kicks in and they don’t fall for it. The problem is they need this to happen every time to avoid a ransomware attack, while cybercriminals just need one person to make a single mistake. So many traditional security systems miss the mark when it comes to this. Some products are simply glorified blocklists that offer no protection against the attacks that do slip through and land in a user’s inbox. 

Phishing is a human problem, so any technology-based solution needs to work with people. A more intelligent human layer approach is needed.


Human layer security

You can start by accepting that some advanced phishing attacks will get through your edge solutions. The question now is: “When phishing attacks do reach my human layer, how do I stop that vital instance of human error that will bring it to fruition?” Then you must arm employees with the help they need to detect attacks in real time.

Truly effective anti-phishing technology uses machine learning and natural language processing to detect the signs of sophisticated phishing in real time. The best solutions also have an educational element, showing employees why an email was deemed risky and empowering them to become cybersecurity advocates who can identify future breaches.
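To make the “show the employee why” idea concrete, here is an added illustration (not code from the original article or from any vendor product) of a small explainable phishing-risk check. It uses plain heuristics in place of the machine learning and NLP the article describes, operates on a constructed sample message, and assumes a caller-supplied set of trusted sender domains; each returned reason is a sentence that could be shown to the recipient in their inbox.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real email) carrying several classic indicators.
SAMPLE_EMAIL = """\
From: "IT Helpdesk" <support@example-it-help.xyz>
Reply-To: reset@example-collector.xyz
To: alice@example.com
Subject: URGENT: your mailbox will be suspended today
Content-Type: text/html

<p>Dear user, verify immediately or lose access.</p>
<a href="http://example-collector.xyz/login">https://mail.example.com/reset</a>
"""

# Pressure wording that phishing lures lean on to short-circuit the reader's judgement.
URGENCY = re.compile(r"\b(urgent|immediately|suspended|within 24 hours|act now)\b", re.I)
# Simple anchor-tag matcher: captures the real href and the text the reader sees.
LINK = re.compile(r'<a[^>]+href="([^"]+)"[^>]*>([^<]+)</a>', re.I)

def hostname(url):
    m = re.match(r"https?://([^/]+)", url.strip(), re.I)
    return m.group(1).lower() if m else ""

def score_email(raw, trusted_domains):
    """Return (score, reasons); each reason is wording a recipient can act on."""
    msg = message_from_string(raw)
    reasons = []
    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rsplit("@", 1)[-1].lower() if "@" in sender else ""
    if sender_domain and sender_domain not in trusted_domains:
        reasons.append(f"Sender domain '{sender_domain}' is not one your organisation uses")
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.rsplit("@", 1)[-1].lower() != sender_domain:
        reasons.append(f"Replies go to a different domain ({reply_to})")
    text = f"{msg.get('Subject', '')} {msg.get_payload()}"
    hits = sorted({h.lower() for h in URGENCY.findall(text)})
    if hits:
        reasons.append("Pressure language: " + ", ".join(hits))
    for href, shown in LINK.findall(msg.get_payload()):
        # Visible URL text that disagrees with the real destination is a strong signal.
        if shown.strip().startswith("http") and hostname(shown) != hostname(href):
            reasons.append(f"Link text shows {hostname(shown)} but points to {hostname(href)}")
    return len(reasons), reasons

if __name__ == "__main__":
    for reason in score_email(SAMPLE_EMAIL, {"example.com"})[1]:
        print("-", reason)
```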

It’s like giving every employee their own personal cyber expert – an unobtrusive one that works silently, only offering advice when it’s genuinely needed. This approach empowers your human layer to become a powerful first line of defence and greatly reduces your risk of being caught out by ransomware.