Prevent Malware and Ransomware Attacks

Stop the malicious malware that infects your computers and leads to breaches.

Get Our CISO Guide to Ransomware
Ransomware Attacks Header V2


percentage of ransomware attacks delivered through email

Source: Barracuda Networks Research

11 Seconds

is the interval between global ransomware attacks

Source: 2017 Cisco Annual Cybersecurity Report


percentage of organizations impacted by ransomware

Source: Sophos, State of Ransomware 2021

Stopping the Most Malicious Attacks

Ransomware is the most malicious type of malware and employs encryption to hold information at ransom. When delivered through email, ransomware can establish its presence on an endpoint and then drop malicious binary on the system. This binary then searches for and encrypts valuable files, only releasing them after the ransom is paid. Making matters worse, in some cases these files are never released, even after paying the ransom. In these attacks, the threat actor ...


Buys or creates a malware program, typically one that launches upon click.


Targets an organization with an email spam campaign.


Waits while the malware executes malicious binary and encrypts valuable files.


Prompts the victim or organization to pay a ransom to decrypt the files.

abnormal recognizing a malware and ransomware email

Recognizing a Malware or Ransomware Attack

This email passed legacy controls because it comes from a legitimate email address and because the link leads to a legitimate document.

However, this email is the start of a malware attack:

  • The language contains urgent language with a link the user would be compelled to click
  • The link is a Google Doc—a common cybercrime tactic since these links are used daily for legitimate business purposes
  • The link leads to the download of a Microsoft Excel file with macros that could let attackers gain control and download ransomware

Based on this information, combined with the fact that this send has never before emailed the victim, Abnormal can determine that this is a malware attack.


Prevent Malware From Holding You Ransom

sample email with fake address

Detect Suspicious Correspondence Patterns

This email about a new required documentation appears to be sent from Printers and More, but the email address is actually one created to look similar to the real domain.

The email exhibits suspicious sending behavior and the sender uses language that is attempting to engage with Jim, but the email address does not match the display name—a common pattern in impersonation attempts.

sample email with malicious url

Block Malicious Links and Attachments

Abnormal finds that even though the link looks legitimate, it redirects to a suspicious site upon click.

The URL displayed within the email matches the company name that Jim would expect. If he were to see the email, he would have certainly clicked on the link.

Abnormal safely inspects links and attachments to ensure that they are safe, and finds that the link actually redirects to a Wordpress site that attempts to initiate a download of emotet—a sophisticated trojan that is a direct cause of advanced ransomware attacks.

real phone number detected

Provide Forensics To Security Teams

Abnormal protected Jim from this socially engineered ransomware attack. The security team is aware of it.

Abnormal automatically prepares a detailed analysis of the attack, and makes it available for the security team to review.

In addition to information on the unusual sender, the content and tone of the email, and the nature of the request, the team is also able to review the contents of the attachments and the links targets in preview mode.


Trusted by Global Enterprises


See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

Integrates Insights Reporting 09 08 22

Related Resources

Resource 04 Threat Report
Our threat report on ransomware shares insight on attack methods, locations, payouts, and more across 4,200 victims.
Download Now
Ciso guide ransomware cover
The debilitating Colonial Pipeline attack in 2021, which cost the organization $4.4 million to restore the data, highlights the devastating consequences of ransomware and why nearly one in three companies hit with an attack is likely to pay the fee.
Download Now
Webinar beyond spam cover
Adversaries are increasingly targeting the enterprise email inbox, and security teams need to look further than just spam and phishing attacks.
Watch Now
Interactios threat actor cover
Ransomware is a major problem, and it’s not going away. To understand it, we must understand why threat actors turn to it—and how it can be stopped. The best way to do that is to chat with the masterminds behind these attacks.
Watch Now