Is Ransomware Hiding in Your Inbox?

Phishing campaigns are up 789% since the last quarter of 2015, due to a jump in statistical data that shows a 6.3 million increase in raw numbers. What’s worse, industry experts have reported that 93% of phishing emails contain ransomware.

In a recent review of malware, three key trends were identified during 2015—but these methods are no longer trends in 2016, as they have become everyday tools in the hacker’s toolbox:

  • Soft Targeting by Functional Area
  • Encryption Ransomware
  • Download Attachment or File/Ransomware Combination

The fact is, phishing emails—and those containing ransomware, specifically—have become a favorite weapon of today’s persistent cybercriminal. And because these attacks don’t respect borders or respond to law enforcement efforts, the effect is widespread throughout industries and global in reach.


Soft targeting has become a 2016 methodology that, just last year, was considered only a “trend.” With soft targeting, cybercriminals will focus on a category of individuals based on their position in a corporation or organization. In contrast to the specific targeting and broad distribution of “spear phishing” campaigns, soft targeting doesn’t limit itself to a particular individual or global location, regardless of where they are in the world. In soft targeting situations, a hacker will focus his or her efforts with malicious emails containing phishing content that is relevant to a particular role—complete with appropriate Microsoft Office attachments containing malware or the potential for malware downloads.

At the end of 2015, cybercrime researchers pointed to the increased use of JavaScript download methods as the preferred malware delivery mechanism. This suspicion was confirmed during the first three months of 2016 when industry leaders realized their predictions were true with an increase in the use and distribution of Locky and other JavaScript applications. JavaScript delivery of malware has now surpassed MS Office with macro scripts as the most common method of delivery via phishing emails, as JSDropper applications have reportedly been present in almost one-third of all phishing emails.

Regardless of whether cybercriminals deploy encryption ransomware via phishing emails, utilize Locky or Dridex or JSDropper or even old school Office documents with macros attached to falsely personalized messages, or soft target functional areas of an organization, it’s clear that the impact of these ransomware attacks is only getting worse—and more expensive to deal with.

Once attacked, an impacted organization must expend often scarce resources in incident and disaster response efforts, launch incident response public relations damage control campaigns, and as seen in many recent cases—reward hackers with ransomware payouts to release private decryption keys in an effort to restore sensitive organizational files and data.

Industry experts agree that with the frequency and catastrophic potential of phishing emails containing ransomware on the rise, it has never been more important for an organization—of any size—to have an incident response and business continuity plan in place. Businesses need to have the ability to quickly react, investigate, and respond appropriately to avoid permanent damage to their organization and their customer base.

If you feel your business needs to up its game with respect to being prepared for a potential ransomware or phishing email campaign, PNJ Technology Partners can help. We are your industry leader in helping businesses detect and destroy cyberthreats, and we offer incident response and business continuity planning to help keep your business up-and-running in the event of a data disaster. When you need to put your organization at the forefront of the most innovative security threat response planning, contact us at (518) 459-6712 or reach out to us by email at for more information.