Ricoh eDiscovery

Why It’s Time to Stop Sending Attachments Via Email

Posted by Chris Plauschinn |6 minute read

Oct 1, 2020 9:53:50 AM

Email attachment feature image

By now, we all know not to click on links from unknown senders, but what about from people we do know? Today I’d like to focus on the concerning surge in ransomware attacks — particularly those triggered by opening email attachments. Whether the sender is well known or even internal from your own organization, there are several reasons why sending files via email should be a practice of the past. In this blog I’ll be sharing a recent case study, why ransomware attacks are on the rise in 2020 and how you can avoid falling victim to these schemes.

Norsk Hydro

First, let’s dig into one of the most relevant case studies to illustrate why email attachments can be so high risk. Norsk Hydro, one of the world’s largest aluminum companies, was hit with one of the most chilling ransomware attacks known in the IT world last year. According to Microsoft, the breach affected all 35,000 of its employees across 40 counties, locking the files on thousands of servers and PCs.

The report of the incident states the attack had been set in motion three months prior to when it was discovered. The cause? All it took was one single employee to open an expected email attachment sent from a trusted source. This automatic, everyday action allowed hackers to infiltrate the IT infrastructure and plant their virus. As the malware made its way through the employees’ computers, a ransom note appeared demanding bitcoin in exchange for the problem to go away.

The ransomware itself wasn’t self-propagating, meaning someone had to spread it around the network for it to have the widespread affect they accomplished. The objective of this type of attack is to slowly gain access to the network and often exfiltrate data before encrypting it all, not launch an immediate attack. These types of strikes are especially unnerving since they can take weeks or even months before they’re discovered.

Thankfully, the Norsk Hydro team acted quickly, engaging the Microsoft cybersecurity team to help restore operations. While the financial repercussions for the company is estimated to have reached $71 million, the quick thinking and transparency provided by Norsk Hydro ensured the problem was quickly resolved without having to pay the ransom.

What can we learn from this?

Sadly, this cautionary tale from Norsk Hydro is one of thousands. Despite the attachment being sent by a trusted source, the hackers were able to intercept the email communication and embed a payload into the file before it ever reached the recipient. The file looked the same and there appeared to be nothing out of the ordinary.

This goes to show the traditional method of “checking with the sender to confirm they sent it before opening” is no longer valid. The sender themselves had no clue they had delivered a problematic attachment.

Why are ransomware attacks on the rise?

Since the beginning of the COVID-19 pandemic, there has be a 47 per cent increase in the severity of ransomware attacks. What’s worse? Coalition’s H1 2020 Cyber Insurance Claims Report, which surveyed 25,000 small and mid-sized organizations across Canada and the US, also showed a 100 per cent increase in attacks from 2019 to Q1 2020. A 35 per cent increase in funds-transfer fraud and social engineering claims filed by Coalition policyholders was also reported.

The large spike in ransomware attacks in 2020 comes as a result of so many people now working from home. As companies shift to a remote working model in light of COVID-19, scammers are preying on the vulnerable; the undereducated, those working without VPNs and those who are isolated from their traditional work environment which can sometimes lead to absent-minded actions.

As part of working away from the office, people are now sharing information in different ways to compensate for being apart. A presentation you may have once booked an in-person meeting with a colleague to review has now pivoted to countless back and forth emails to collaboratively work together online.

How can you avoid falling victim to ransomware attacks via email?

For years, we’ve been taught how to recognize dangerous spam emails: check to see whether it’s being sent from a legitimate email address, don’t click on unfamiliar links and be skeptical of unusual language used. Sadly, our gut instincts on whether an email is safe is no longer suffice. Scammers continue to evolve as users become more educated — some even make spelling and grammar “mistakes” to appear more human and trustworthy.

Despite all our training in identifying bad emails, according to a another worldwide survey of small and medium sized businesses, 67 per cent of ransomware attacks still originate from phishing or spam emails. As these attacks become more sophisticated, many IT and security teams fail to update their training and policies to reflect these risks.

Thankfully, there are a number of ways to avoid falling victim to ransomware attacks. Before hitting “attach file” in your next email or clicking “download”, consider the following workarounds:

1. Use an alternative method of file sharing

If possible, it’s always best to do your file sharing through a responsible platform. Check if your workplace has a preferred method to share files such as:

  • OneDrive
  • Teams
  • Slack
  • Accellion

If not, some free alternatives include:

  • Dropbox
  • Box
  • Google Drive

If you find yourself in a situation where you have to send/receive attachments via email, strive to use encrypted zip files. While this method isn’t entirely fool proof, it will add an extra level of security by requiring a password to open the attachment (just don’t include the password in the body of the email).

2. Scan each attachment before opening it:

If you do receive an attachment via email, it’s always a good idea to run your antivirus program on it before opening. Most IT teams will have software set up to automatically scan attachments but often there is a way to manually scan an attachment prior to opening. If you’re not able to do so, skip to the next step.

3. Engage with your IT team:

If you’re unable to run a scan on the attachment, or you still have doubts about what the file might contain, forward the email to your IT or security team. They should have the resources on hand to identify whether the attachment could be potentially harmful (plus, they’ll likely be appreciative that you engaged with them versus blindly downloading an unknown file).


Bottom line: Your safest bet is to live in a world where you imagine email attachments no longer exist. While sending email attachments is certainly one of the most convenient ways to share files, transferring and receiving data of any sort via email is not secure. Take the extra steps mention above to ensure you and your network are safe from phishing schemes today.

You may also be interested in...


How secure are your private messages? Six top platforms ranked. 

How secure are your “private” messages? Find out how your mode of messaging measures up.


Halloween feature image-1

5 Scary Facts About Data Breaches and Tips to Keep Your Accounts Safe

We're sharing the five scariest facts about data breaches along with tips to help find out whether any of your accounts have been compromised and how you can keep them safe year-round.

Topics: Chris Plauschinn, Security and Privacy


Tell Us What You Think.