Ransomware is a specific type of malware attack that involves a criminal transmitting contaminated software intended to infect the recipient’s computer and encrypt all of its data. The attacker demands a ransom in exchange for unlocking the computer’s digital content.
Some ransomware attacks use phishing emails to target their victims and exploit known vulnerabilities in a specific operating system or software program. Others rely on tricking the target into installing malware by inducing them to click a link or open an attachment.
Why it matters
Ransomware attacks are growing rapidly, in part due to their ability to proliferate quickly through internet communications. Unlike spear phishing, they don’t need to target a specific individual. Rather, they are a high-volume and effective attack against consumers and corporate users in any industry, geography, or business function.
However, in the most impactful ransomware cases, criminals impersonate a trusted party in order to gain a victim’s confidence. Often they use a legitimate domain name in the visible “From” field of the header, leaving receivers with no way to validate the sender’s true identity. These same-name domain attacks account for two-thirds of all email attacks.
In ransomware cases where same-name domain impersonation is used in phishing messages, DMARC adoption by the impersonated domain would effectively block the attack 100 percent of the time.
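The following added example (not part of the original page) sketches how a receiving mail server applies the impersonated domain's DMARC record to a message whose visible "From" uses that domain. The sample message, the domains, and the `spf_pass_domain` / `dkim_pass_domain` inputs (results from upstream SPF and DKIM checks) are constructed assumptions, and the organizational-domain rule is simplified to the last two labels instead of the Public Suffix List.

```python
# Added example: simplified DMARC (RFC 7489) evaluation for a single message.
from email import message_from_string
from email.utils import parseaddr

def parse_dmarc(txt):
    """Turn 'v=DMARC1; p=reject; adkim=s' into {'v': 'DMARC1', 'p': 'reject', ...}."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def org_domain(domain):
    # Assumption: last two labels. Real receivers consult the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """Identifier alignment: 's' needs an exact match, 'r' an organizational match."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_disposition(raw_message, dmarc_txt, spf_pass_domain=None, dkim_pass_domain=None):
    """Return 'pass', the domain's policy for failures, or 'no-policy'."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2]
    policy = parse_dmarc(dmarc_txt)
    if policy.get("v") != "DMARC1" or "p" not in policy:
        return "no-policy"
    ok = (aligned(spf_pass_domain, from_domain, policy.get("aspf", "r"))
          or aligned(dkim_pass_domain, from_domain, policy.get("adkim", "r")))
    return "pass" if ok else policy["p"].lower()

# Constructed sample: visible From claims example.com.
SAMPLE = ("From: Accounts <billing@example.com>\n"
          "To: user@example.org\n"
          "Subject: Invoice attached\n\nPlease see the attachment.\n")
POLICY = "v=DMARC1; p=reject; adkim=s; aspf=r"  # constructed DMARC TXT record

if __name__ == "__main__":
    # Sent through an unrelated domain that passes its own SPF: not aligned.
    print(dmarc_disposition(SAMPLE, POLICY, spf_pass_domain="mailer.invalid"))
    # Signed with the real domain's DKIM key: aligned.
    print(dmarc_disposition(SAMPLE, POLICY, dkim_pass_domain="example.com"))
```

A record published with `p=none` yields `none` for the same unaligned message, so the receiver only reports the failure; blocking depends on the domain publishing `quarantine` or `reject`.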