Hanover (01.07.2019) – With the help of encrypted email attachments, cybercriminals are currently trying to circumvent classic antivirus programs. Encryption prevents filter mechanisms from detecting the underlying malware. Since the beginning of the year, for example, the ransomware GandCrab has been spreading this way. In view of the increasing threat situation, the cloud security provider Hornetsecurity has developed a unique feature that recognizes this procedure and blocks the malicious email before it arrives in the email inbox.

“Nowadays, companies are investing much more in IT security than they did 5 years ago. Through AI and other intelligent defense mechanisms, attackers can no longer reach their target with simple methods. Therefore, cybercriminals are increasingly developing more-detailed strategies to circumvent these mechanisms. Hornetsecurity technology enables us to react to targeted attacks at any time,” says Daniel Hofmann, CEO of Hornetsecurity. “With the new Malicious Document Decryption function, we react quickly to the systematic approach of cybercriminals. The capabilities of Malicious Document Decryption are unique to the market.”

So that the encrypted document can be opened by the selected recipients in order to install the underlying malware unnoticed in the system, the fraud email contains the corresponding password in plain text.
Malicious Document Decryption analyzes the content of incoming emails with encrypted attachments for the appropriate password to remove the encryption. Using static and dynamic analysis techniques, the behavior of the decrypted file is examined. This ensures that the underlying malware is detected immediately and does not reach the recipient’s email inbox.

The new feature is part of the Advanced Threat Protection service and complements the protection for secure email communication against particularly intelligent and systematic cyberattacks. Hornetsecurity customers who already use the ATP service can rest assured: The feature was already integrated and activated in the service for all ATP users since the beginning of June.


About Hornetsecurity:

Hornetsecurity is the leading cloud security provider, protecting the IT infrastructure, digital communication and data of companies and organizations of all sizes. The security specialist from Hanover provides its services worldwide via 9 redundantly secured data centers. The product portfolio covers all important areas of email security, including spam and virus filters, legally compliant archiving and encryption, as well as defense against CEO fraud and ransomware. With around 200 employees, Hornetsecurity is represented globally at 10 locations and operates in more than 30 countries through its international distribution network. The premium services are used by approximately 40,000 customers including Swisscom, Telefónica, KONICA MINOLTA, LVM Versicherung, DEKRA, Claas and the Otto Group.