How Can DMARC Help Protect You Against Ransomware?

Aariya Rathi
4 min read · Mar 3, 2022


Domain-based Message Authentication, Reporting, and Conformance (DMARC) began gaining traction a few years ago as a way to validate the authenticity of emails.

Now it may have an even more important role to play: preventing ransomware attacks.

These malicious encryption attacks that take your data hostage are the most financially harmful attacks for companies.

Rampant Ransomware Attacks

Ransomware attacks surged in 2021, the highest-profile being the Colonial Pipeline attack, which nearly shut down the U.S. East Coast as fuel shipments were halted. Attackers have targeted critical and vulnerable sectors such as manufacturing, financial services, transportation, and energy, including a pair of $50 million attacks on Acer and Quanta. These attacks block access to critical systems upon infection and demand that organizations pay heavy ransoms in cryptocurrency to get their data back, or risk losing it forever. They hit a range of industries, reflecting the vulnerability of organizations across the private sector and government.

Rampant ransomware attacks can cost your business millions, if not billions. These cyber extortion efforts may be the first step in a larger plan to reach more prominent companies, or simply a way to target many companies simultaneously. The costs can be massive: downtime, data loss, and significant psychological harm to the teams targeted by such threats. It can take weeks or months for a small business to recover from a ransomware attack, and while it is down it isn't earning any money.

A cyber extortion attack can be just the first step of a sophisticated, well-planned assault.

Ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website.

1. Once ransomware successfully infiltrates a system, it can be difficult to remove without paying the ransom or losing all of your data.

2. Some hackers do not hesitate to demand thousands of dollars from tiny companies that can neither pay the ransom nor afford to lose the data. The attackers might destroy the data while the victim is sending the payment, just to prove to all other potential victims that they are not bluffing.

Email is a Critical Ransomware Attack Vector

Hackers can target any of your employees with a fraudulent, "spoofed" email, or several people in a specific department with a phishing campaign. If any of them unwisely open the attached files, it's game over! The malware can spread across your entire system within hours, and on to your customers and partners while impersonating your identity.

That makes employee training a critical ransomware defense too. Of the many ransomware attack vectors, email-borne attacks frequently top the list. These are security breaches that result from a malicious payload attached to emails. You’re exposed if your employees open the emails and their attachments. Any employee who falls for a phishing attack could let in the bad guys, who can penetrate your entire system and hold it hostage, including all of its data.

How DMARC Works to Stop Ransomware

DMARC email authentication gives organizations the ability to reject unauthorized emails sent from impersonated domains. DMARC builds on email authentication, and much of the responsibility rests with senders and their DNS TXT resource records. DMARC is the technical agent that actively enforces SPF and DKIM to validate the sender before an email is delivered. A DMARC record can be published in the DNS of any domain, and if it is there, the receiving server checks whether the email passing through is authenticated via SPF (by the sending server's IP address) or DKIM (by its signature). If the receiving servers can tell you are a valid sender, they accept your email; if not, it is treated as spam or malware. The Sender Policy Framework (SPF) standard is a method of email authentication that helps protect both senders and receivers (as well as their customers) against email spoofing. You use a TXT entry in your DNS (Domain Name System) zone to tell the world which servers are allowed to send mail on behalf of your domain.
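The receiving-side check described above, as an added example (not code from the original article): given the domain in the From: header, the sender's published DMARC record, and the SPF and DKIM results the receiver has already computed, it decides whether the message passes DMARC and which disposition the policy asks for. The DNS lookups are replaced by a constructed in-memory table, and the domains, the record contents and the helper names are hypothetical. It goes slightly beyond the paragraph in that it also applies identifier alignment (the SPF- or DKIM-authenticated domain must match the From: domain, strictly or at the organizational level), which is what stops a spoofed From: from riding on an attacker's own, perfectly valid SPF record.

```python
"""Simplified DMARC evaluation, added as an illustration (not the page's code).

A receiver takes the domain in the From: header, fetches the sender's
DMARC record, and checks whether an SPF or DKIM pass exists whose
authenticated domain is aligned with that From: domain. DNS lookups are
replaced here by a constructed in-memory table; all names are hypothetical.
"""
from dataclasses import dataclass

# Constructed stand-in for TXT lookups at _dmarc.<domain>.
DMARC_DNS = {
    "_dmarc.example.com": ("v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; "
                           "rua=mailto:dmarc@example.com"),
    "_dmarc.example.org": "v=DMARC1; p=none; rua=mailto:reports@example.org",
}


def parse_dmarc(record: str) -> dict:
    """Split 'tag=value; tag=value' into a dict, filling RFC 7489 defaults."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if part:
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a DMARC record")
    tags.setdefault("adkim", "r")     # relaxed DKIM alignment unless stated
    tags.setdefault("aspf", "r")      # relaxed SPF alignment unless stated
    tags.setdefault("sp", tags["p"])  # subdomain policy defaults to p=
    return tags


def org_domain(domain: str) -> str:
    """Crude organizational domain: the last two labels. Real receivers use
    the Public Suffix List, so e.g. example.co.uk needs three labels."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r')
    accepts any domain sharing the organizational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


@dataclass
class AuthResults:
    spf_pass: bool      # SPF result for the SMTP MAIL FROM domain
    spf_domain: str     # the MAIL FROM domain SPF was evaluated for
    dkim_pass: bool     # some DKIM signature verified
    dkim_domain: str    # d= tag of that signature ("" if none)


def evaluate_dmarc(from_domain: str, auth: AuthResults, dns=DMARC_DNS):
    """Return (result, disposition). result is 'pass', 'fail' or 'none';
    disposition is 'none', 'quarantine' or 'reject' as requested by policy."""
    from_domain = from_domain.lower()
    record = dns.get(f"_dmarc.{from_domain}")
    use_subdomain_policy = False
    if record is None:                      # fall back to the org domain's record
        record = dns.get(f"_dmarc.{org_domain(from_domain)}")
        use_subdomain_policy = True
    if record is None:
        return "none", "none"               # domain publishes no DMARC policy
    policy = parse_dmarc(record)
    spf_ok = auth.spf_pass and aligned(auth.spf_domain, from_domain, policy["aspf"])
    dkim_ok = auth.dkim_pass and aligned(auth.dkim_domain, from_domain, policy["adkim"])
    if spf_ok or dkim_ok:
        return "pass", "none"
    return "fail", policy["sp"] if use_subdomain_policy else policy["p"]


if __name__ == "__main__":
    # Constructed scenario: a message carrying From: ceo@example.com that was
    # relayed through an unrelated domain which passes SPF for itself only.
    spoof = AuthResults(spf_pass=True, spf_domain="attacker.test",
                        dkim_pass=False, dkim_domain="")
    print(evaluate_dmarc("example.com", spoof))   # ('fail', 'reject')
```

Note that an SPF pass on its own is not enough: the spoofed message above passes SPF for the relaying domain, but that domain is not aligned with example.com, so DMARC fails and the published p=reject applies. A domain that publishes only p=none still gets reports but asks receivers to deliver anyway, which is why the page's advice to enforce a policy matters.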

In my previous article, I covered the basics of ransomware: what it is, what its impact is, and how different types work. In this article I provide a closer look at DMARC and how it can be used to help prevent malware-based attacks such as phishing, which in turn helps stop popular ransomware families from infecting computers.

For example, hackers may forge a fake email impersonating the CEO or any director, but SPF checks whether the sending server's IP address is listed in the SPF record and blocks the email if it isn't. Example records:

IPv4: v=spf1 ip4:8.8.8.8 ip4:8.8.4.4 -all

IPv6: v=spf1 ip6:2001:4860:4860::8888 ip6:2001:4860:4860::8844 -all

You can also specifically allow email to be sent only from the same email servers that are already defined in the MX (mail exchange) record:

v=spf1 mx mx:mywebsite.com ~all
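What a receiving server does with records like the ones above, as an added example (not code from the original article): it reads the domain's SPF TXT record and walks the mechanisms left to right until one matches the connecting IP, then returns that mechanism's qualifier. The difference between `-all` and `~all` is visible here: `-all` yields a hard fail, `~all` a softfail that most receivers only use as a spam signal. The DNS data is a constructed in-memory table (the 8.8.x.x and 2001:4860:4860:: addresses are the page's, the 203.0.113.x hosts are constructed), and the function names are hypothetical. It handles ip4, ip6, mx, a and include, a bit more than the three records on the page show; CIDR suffixes on mx/a, macros and the exists mechanism are left out.

```python
"""Simplified SPF check, added as an illustration (not the page's code).

Walks the mechanisms of a domain's SPF record against the connecting IP
and returns pass / fail / softfail / neutral / none, as RFC 7208 defines
them. DNS is a constructed in-memory table keyed by (name, record type).
"""
import ipaddress

SPF_DNS = {
    ("mywebsite.com", "TXT"): "v=spf1 mx mx:mywebsite.com ~all",
    ("mywebsite.com", "MX"): ["mail1.mywebsite.com", "mail2.mywebsite.com"],
    ("mail1.mywebsite.com", "A"): ["203.0.113.10"],
    ("mail2.mywebsite.com", "A"): ["203.0.113.11"],
    ("example.com", "TXT"): "v=spf1 ip4:8.8.8.8 ip4:8.8.4.4 -all",
    ("example.net", "TXT"): "v=spf1 ip6:2001:4860:4860::8888 ip6:2001:4860:4860::8844 -all",
    ("outsourced.example", "TXT"): "v=spf1 include:example.com -all",
}

# Qualifier prefix on a mechanism -> SPF result when that mechanism matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def _hosts_match(ip, names, dns):
    """True if ip equals any A/AAAA address of any of the given host names."""
    for name in names:
        for addr in dns.get((name, "A"), []) + dns.get((name, "AAAA"), []):
            if ip == ipaddress.ip_address(addr):
                return True
    return False


def check_spf(client_ip: str, domain: str, dns=SPF_DNS, depth: int = 0) -> str:
    """SPF result for a connection from client_ip claiming to send mail for domain."""
    if depth > 10:                   # RFC 7208 caps DNS-querying terms at 10
        return "permerror"
    record = dns.get((domain.lower(), "TXT"))
    if not record or not record.startswith("v=spf1"):
        return "none"                # no SPF policy published for this domain
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"              # mechanisms are 'pass' unless prefixed
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        matched = False
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = ip.version == net.version and ip in net
        elif mech == "mx":           # any MX host of the target domain
            matched = _hosts_match(ip, dns.get((arg or domain, "MX"), []), dns)
        elif mech == "a":            # the A/AAAA record of the target name
            matched = _hosts_match(ip, [arg or domain], dns)
        elif mech == "include":      # recurse; only a 'pass' counts as a match
            matched = check_spf(client_ip, arg, dns, depth + 1) == "pass"
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"                 # nothing matched and no 'all' term present


if __name__ == "__main__":
    for ip, dom in [("203.0.113.10", "mywebsite.com"), ("198.51.100.5", "mywebsite.com"),
                    ("8.8.8.9", "example.com"), ("2001:4860:4860::8888", "example.net")]:
        print(f"{ip:>22} for {dom}: {check_spf(ip, dom)}")
```

The `mx` mechanism is the one the page's last record relies on: the receiver resolves the domain's MX hosts and then their addresses, so a mail server you add to your MX record is authorized automatically, while a forged message from any other address falls through to the trailing `~all`.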

SPF and DKIM

DomainKeys Identified Mail (DKIM) signs and encrypts emails. Like SPF, DKIM needs a DNS record, but this record contains a public key. In addition, you need a DKIM signer set up on a mail server. The DKIM signer holds a private key that must be kept secret and that corresponds to the DNS record's public key. To secure your email, you'll want to configure both SPF and DKIM. While these methods alone won't prevent hackers from accessing your account, they will make it more difficult for them to intercept and read your emails. In addition, SPF is easy to set up and free, so there's no reason not to get started today.
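What the DKIM signer on the mail server actually feeds to that private key, as an added example (not code from the original article): the selected headers and the body are first canonicalized as RFC 6376 describes (relaxed for headers, simple for the body), the body hash goes into the `bh=` tag, and the private key then signs the canonicalized headers together with the DKIM-Signature header itself. The example stops at producing those bytes; the RSA signature that fills the `b=` tag would come from a crypto library and is not shown. One caveat a reader should take from it: the signature lets a receiver detect tampering and verify the signing domain, but the message body travels in the clear, so DKIM is an integrity and origin control rather than a confidentiality one. The domain, selector and message content are constructed, and the function names are hypothetical.

```python
"""DKIM signing preparation, added as an illustration (not the page's code).

Shows what the DKIM signer on a mail server feeds to its private key:
RFC 6376 'relaxed' header canonicalization, 'simple' body canonicalization,
the bh= body hash, and the DKIM-Signature header with b= still empty.
The RSA signature over the returned bytes is left to a crypto library.
Domain, selector and message content are constructed.
"""
import base64
import hashlib
import re


def canon_body_simple(body: str) -> bytes:
    """'simple' body canonicalization: CRLF line endings, all trailing empty
    lines removed, exactly one CRLF at the end (an empty body becomes CRLF)."""
    text = body.replace("\r\n", "\n").replace("\n", "\r\n")
    while text.endswith("\r\n"):
        text = text[:-2]
    return (text + "\r\n").encode()


def canon_header_relaxed(name: str, value: str) -> str:
    """'relaxed' header canonicalization: lowercase name, unfold continuation
    lines, collapse runs of whitespace to one space, trim around the colon."""
    value = re.sub(r"\r\n([ \t])", r"\1", value)        # unfold folded lines
    value = re.sub(r"[ \t]+", " ", value).strip(" \t")  # collapse and trim
    return f"{name.strip().lower()}:{value}\r\n"


def body_hash_b64(body: str) -> str:
    """The bh= tag: base64(SHA-256(canonicalized body))."""
    digest = hashlib.sha256(canon_body_simple(body)).digest()
    return base64.b64encode(digest).decode()


def build_signing_input(headers, body, domain, selector,
                        signed=("from", "to", "subject", "date")):
    """Return (dkim_signature_value, bytes_to_sign).

    headers is a list of (name, value) pairs in message order; only those
    listed in `signed` are covered, and their order is recorded in h=."""
    chosen = [(n, v) for n, v in headers if n.lower() in signed]
    sig_value = (f"v=1; a=rsa-sha256; c=relaxed/simple; d={domain}; s={selector}; "
                 f"h={':'.join(n.lower() for n, _ in chosen)}; "
                 f"bh={body_hash_b64(body)}; b=")
    data = "".join(canon_header_relaxed(n, v) for n, v in chosen)
    # The DKIM-Signature header itself is signed last, without its trailing CRLF.
    data += canon_header_relaxed("DKIM-Signature", sig_value).rstrip("\r\n")
    return sig_value, data.encode()


if __name__ == "__main__":
    # Constructed message; note the folded Subject and the uneven spacing,
    # both of which relaxed canonicalization normalizes before signing.
    hdrs = [("From", "Reports <reports@example.com>"),
            ("To", "team@example.com"),
            ("Subject", "Quarterly  report\r\n attached"),
            ("Date", "Thu, 3 Mar 2022 10:00:00 +0000"),
            ("X-Mailer", "not covered by the signature")]
    value, to_sign = build_signing_input(hdrs, "See attachment.\n\n", "example.com", "sel2022")
    print("DKIM-Signature:", value)
    print(to_sign.decode())
```

Because the `h=` list names exactly which headers were signed, a receiver recomputes the same canonical bytes, verifies them against the public key published at `<selector>._domainkey.<domain>`, and rejects the signature if a signed header or the body was altered in transit. Headers not in `h=` (X-Mailer above) can be changed without affecting the result, which is why From: should always be included.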

Aariya Rathi

Rathi, IT Support Specialist at Accenture, passionate about tech. Sharing insights in a thoughtful blog. Join me on the digital journey. #TechEnthusiast