Cofense Email Security

Ransomware Prevention: How Do You Get Ransomware?

What is Ransomware?

Ransomware is a type of malware that encrypts files on a computer system, making them inaccessible to the user. The attacker then demands a ransom payment, typically in cryptocurrency, in exchange for the decryption key to restore access to the files. Ransomware attacks can be delivered through a variety of means, including phishing emails, malicious websites, or by exploiting vulnerabilities in unsecured computer systems. Once the ransomware has infiltrated a system, it will begin to encrypt files and display a message to the user demanding payment within a certain timeframe.

How Do You Get Ransomware?

A great way to kick off a phishing awareness training course is to ask, “How do you get ransomware?” The majority of trainees will be aware that ransomware attacks can be launched by clicking on a malicious URL or opening an infected email attachment. 

Depending on trainees’ responses to “How do you get ransomware?” you may be pleasantly surprised or very concerned. At the least, you can better gauge your employees’ appreciation of the threats posed. This insight will inform your decision-making as you take steps to raise phishing awareness.

How Does Ransomware Prevention Work?

After asking, “How do you get ransomware?” the next question should concern how to identify suspicious links and attachments and how to report those suspicions. In most scenarios, the answers to the first half of the question will be textbook; but the second half, how to report suspicious links and attachments, often draws blank faces. This might reveal a major problem with your company’s online security, especially when a link has been clicked or an attachment opened.

All employees need to know the reporting procedure and the importance of swiftly reporting a clicked link or opened attachment. Only by quickly alerting the IT security team to the possible risk of infection can a threat be well contained and the potential damage limited. Furthermore, employees must know that even if a computer has been locked by ransomware, swift action can prevent the infection from spreading to the rest of the network or stop secondary malware from being dropped.

Measures a Company Can Take for Better Ransomware Prevention

In many areas of life, knowing something and applying that knowledge don’t always go hand in hand. Although your employees may know the answer to “How do you get ransomware?” and even how to report suspicions, companies should still implement measures to protect themselves against ransomware and its consequences. These measures may vary, but generally include:

  • Take frequent back-ups, so if data is encrypted by ransomware, there is a recent restore point.
  • Install a program that will check for and install software updates.
  • Virus scan all external drives and mobile devices connected to the network.
  • Maintain an ongoing program of phishing awareness and keep asking the question, “How do you get ransomware?”

The importance of a program approach to phishing awareness is difficult to overstate. You can drastically reduce your company’s vulnerability to ransomware attack by enlisting your employees as human sensors against malware-bearing phishing emails. Comprehensive ransomware prevention depends on a last line of defense when malicious emails get past standard filters and secure gateway technology and land in users’ inboxes. Attackers know how to beat these filters and successfully do so on a near-daily basis. When employees are well-conditioned to spot these emails and are able to quickly and easily report them, companies can be spared catastrophic expenses in lost productivity, revenue, and reputational damage. Real-world simulations can radically boost resilience against attacks for measurably improved ransomware prevention.

Maintain an Ongoing Program of Phishing Awareness with Cofense

Cofense is the leading provider of phishing threat management solutions. We determine employees’ susceptibility to online threats by using simulation exercises. These activities show how much employees know about “How do you get ransomware?” and condition them to be up to 95% less susceptible to phishing attacks. Our phishing threat management solutions are used by more than 1,000 companies worldwide, including half of all Fortune 100 companies.

Besides simulation exercises to raise awareness and reduce susceptibility, Cofense lets employees report suspicious emails with the click of a mouse. We offer an incident response platform that prioritizes investigations for IT security teams, based on the results of the simulated phishing exercises. Cofense also offers an intelligence feed of known threats, to eliminate false positives and save time identifying and responding to genuine threats.

To learn more about protecting your business, your data and employees from ransomware, contact us for a free Cofense demonstration. Our team will guide you through our solution so you can better understand “How do you get ransomware?” and how to protect against it. Get real-world ransomware attack examples here and learn how to protect yourself.
