Prevent Malware and Ransomware Attacks
Stop the malicious malware that infects your computers and leads to breaches.
percentage of ransomware attacks delivered through email
is the interval between global ransomware attacks
percentage of organizations impacted by ransomware
Stopping the Most Malicious Attacks
Buys or creates a malware program, typically one that launches upon click.
Targets an organization with an email spam campaign.
Waits while the malware executes malicious binary and encrypts valuable files.
Prompts the victim or organization to pay a ransom to decrypt the files.
Recognizing a Malware or Ransomware Attack
This email passed legacy controls because it comes from a legitimate email address and because the link leads to a legitimate document.
However, this email is the start of a malware attack:
- The language contains urgent language with a link the user would be compelled to click
- The link is a Google Doc—a common cybercrime tactic since these links are used daily for legitimate business purposes
- The link leads to the download of a Microsoft Excel file with macros that could let attackers gain control and download ransomware
Based on this information, combined with the fact that this send has never before emailed the victim, Abnormal can determine that this is a malware attack.
Prevent Malware From Holding You Ransom
Detect Suspicious Correspondence Patterns
This email about a new required documentation appears to be sent from Printers and More, but the email address is actually one created to look similar to the real domain.
The email exhibits suspicious sending behavior and the sender uses language that is attempting to engage with Jim, but the email address does not match the display name—a common pattern in impersonation attempts.
Block Malicious Links and Attachments
Abnormal finds that even though the link looks legitimate, it redirects to a suspicious site upon click.
The URL displayed within the email matches the company name that Jim would expect. If he were to see the email, he would have certainly clicked on the link.
Abnormal safely inspects links and attachments to ensure that they are safe, and finds that the link actually redirects to a Wordpress site that attempts to initiate a download of emotet—a sophisticated trojan that is a direct cause of advanced ransomware attacks.
Provide Forensics To Security Teams
Abnormal protected Jim from this socially engineered ransomware attack. The security team is aware of it.
Abnormal automatically prepares a detailed analysis of the attack, and makes it available for the security team to review.
In addition to information on the unusual sender, the content and tone of the email, and the nature of the request, the team is also able to review the contents of the attachments and the links targets in preview mode.