The Link Between Ransomware and Social Engineering

In cybersecurity circles, social engineering and ransomware are like the chicken and the egg: one always comes first, and you rarely see one without the other. But which comes first, and is ransomware itself a form of social engineering? What’s the difference?

Social engineering is a metaphorical egg in this scenario, hatching out a voracious and terrible malware called ransomware that can take down your business and cost you thousands. But you can’t have ransomware without social engineering. The latest threat monitor assessments suggest nearly one-third of employees fall victim to social engineering attacks, some of which unleash ransomware into their company networks.

Should you worry? Yes. But you can protect your business. This article will help you understand the connection between social engineering and ransomware so your organization can stay aware and prepared.

What is Social Engineering?

Social engineering is a tactic bad actors use to lure an unsuspecting victim into sharing personal or professional data. The goal may be to get the victim to download a malicious file (such as ransomware), send money to a criminal, or visit a website that captures login credentials.

You’ve probably heard about these scams on the news. During tax season, scam artists call unsuspecting victims and tell them to pay their IRS debt—or else. Emails that appear to be from your bank can be a form of social engineering. Recently there has been a rash of fake job offers preying on the unemployed. Even piggybacking, when someone physically follows an authorized person into a restricted area of a building, is considered a type of social engineering.

Today, most social engineering occurs online. With the rise of generative artificial intelligence (AI) platforms like ChatGPT, social engineering incidents have increased by 135% in 2023. 

Social Engineering Tactics

In the digital space, social engineering often starts with an email that uses one or more of the following lures:

  • Appears to come from a trusted brand.
  • Poses as an authority figure such as a CEO, or a legal entity such as the FBI.
  • Creates a sense of urgency to fluster and confuse the end user.
  • Appeals to greed — you receive a percentage of the profit or a reward.
  • Inflames curiosity or a sense of helpfulness to draw you into participating.
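The lures listed above are also the signals a mail filter or a security team can score on. The following is an added example written for this article, not Sikich's code: a small heuristic that checks an inbound message for a trusted brand name in the display name combined with a sender domain that brand does not use, and for urgency, authority, greed and curiosity phrases. `KNOWN_BRAND_DOMAINS`, the phrase lists and the three sample messages are constructed for illustration; a real deployment would draw brands and sending domains from the organisation's own allowlist and tune the phrases against its mail history.

```python
"""Heuristic triage of inbound email for the social engineering cues listed
above: a trusted brand in the display name with a mismatched sender domain,
authority figures, urgency, greed and curiosity hooks.

Added example for this article, not Sikich's code. KNOWN_BRAND_DOMAINS, the
phrase lists and the sample messages are constructed for illustration.
"""
import re
from email.utils import parseaddr

# Constructed allowlist: the sending domains each brand legitimately uses.
KNOWN_BRAND_DOMAINS = {
    "examplebank": {"examplebank.com"},
    "shopmart": {"shopmart.com", "mail.shopmart.com"},
}

# Constructed phrase lists, one per lure named in the article.
CUES = {
    "urgency": ["immediately", "within 24 hours", "account will be suspended",
                "urgent", "final notice", "act now"],
    "authority": ["ceo", "chief executive", "legal department", "fbi", "irs",
                  "law enforcement"],
    "greed": ["reward", "percentage of", "you have been selected", "prize",
              "refund"],
    "curiosity": ["you won't believe", "see attached invoice",
                  "shared a document with you"],
}

def _contains_any(text: str, phrases) -> bool:
    # Whole-word match so that e.g. "irs" does not fire on "first".
    return any(re.search(r"\b" + re.escape(p) + r"\b", text) for p in phrases)

def score_email(msg: dict) -> dict:
    """Score a message dict with 'from', 'subject' and 'body' keys.
    Returns {'score': <number of cues matched>, 'indicators': [...]}."""
    indicators = []
    name, addr = parseaddr(msg.get("from", ""))
    name = name.lower().replace(" ", "")
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    text = f"{msg.get('subject', '')} {msg.get('body', '')}".lower()

    # Brand name in the display name, but the message was not sent from a
    # domain that brand uses: the "appears to come from a trusted brand" lure.
    for brand, domains in KNOWN_BRAND_DOMAINS.items():
        if brand in name and domain not in domains:
            indicators.append(f"brand_spoof:{brand}")

    for label, phrases in CUES.items():
        if _contains_any(text, phrases):
            indicators.append(label)

    return {"score": len(indicators), "indicators": indicators}

def triage(messages, threshold: int = 2) -> list:
    """Return the subjects of messages whose score reaches the threshold,
    i.e. the ones a mail filter would hold for review or a user should report."""
    return [m["subject"] for m in messages if score_email(m)["score"] >= threshold]

# Constructed sample messages.
SAMPLE_SPOOF = {
    "from": "Example Bank Security <alerts@examplebank-verify.net>",
    "subject": "URGENT: account will be suspended",
    "body": "Verify your login within 24 hours or lose access to your funds.",
}
SAMPLE_CEO = {
    "from": "Pat Lee <pat.lee@webmail.example>",
    "subject": "Quick favour",
    "body": "This is the CEO. I need you to act now and buy gift cards for a client.",
}
SAMPLE_LEGIT = {
    "from": "Example Bank <statements@examplebank.com>",
    "subject": "Your monthly statement is ready",
    "body": "Log in to view your statement at your convenience.",
}

if __name__ == "__main__":
    for m in (SAMPLE_SPOOF, SAMPLE_CEO, SAMPLE_LEGIT):
        print(m["subject"], "->", score_email(m))
    print("held for review:", triage([SAMPLE_SPOOF, SAMPLE_CEO, SAMPLE_LEGIT]))
```

The brand check deliberately keys on the display name rather than the address, because that is what the recipient sees in most mail clients; the legitimate statement from `examplebank.com` scores zero while the look-alike domain scores on both the brand mismatch and the urgency wording. Scores like this are a triage aid, not a verdict: the article's advice to verify the sender through a separate channel still applies to anything the heuristic lets through.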

Common social engineering techniques include the following.

Phishing:

Attackers send deceptive emails that appear to be from a legitimate source to trick recipients into revealing sensitive information like passwords or credit card details. These messages often create a sense of urgency or fear, prompting users to click on malicious links or open infected attachments.

Pretexting:

This technique involves creating a false scenario, or pretext, to trick individuals into sharing sensitive information. Attackers may pose as someone in authority, like a company executive, IT support personnel, or a government official, to gain the victim’s trust and manipulate them into providing confidential data.

Baiting:

Attackers offer enticing baits, such as free software, discounts, or exclusive content, to entice individuals into taking certain actions. These baits may include infected downloads or malicious links that, once clicked, can lead to malware installation or unauthorized access to the victim’s system.

Impersonation:

Attackers impersonate someone familiar to the target, such as a colleague, friend, or family member, to exploit trust and manipulate the victim into revealing sensitive information or performing certain actions.

Reverse Social Engineering:

Instead of attackers initiating contact, they may wait for individuals to seek help or support. Attackers position themselves as experts or technical support personnel and manipulate victims into providing sensitive information or granting remote access to their systems.

Watering Hole Attacks:

Attackers compromise a website their targets are likely to visit, or set up a look-alike site, and plant malware on the landing page or a fake log-on form. Log-on details entered there go to the attacker rather than to your bank, and clicking a link on the page can deliver the malware to your computer.

Social engineering is growing increasingly sophisticated thanks partly to the proliferation of social media data now available. Hackers can gather personal information online to craft a more targeted and convincing social engineering effort.

Where does ransomware fit within this tumultuous sea of social engineering? Is ransomware social engineering, or is it something else?

Is Ransomware Social Engineering?

Ransomware isn’t a manipulation technique; it is a specific type of malicious software (malware) that encrypts files or restricts access to a victim’s system until a ransom is paid.

Ransomware typically enters a system through email attachments, malicious websites, or unpatched software vulnerabilities. Once it infects a system, it encrypts files and displays a ransom note, often demanding payment in a cryptocurrency such as Bitcoin. The attackers hold the victim’s data hostage and threaten permanent loss of the files if the payment is not made. According to IBM, the average cost of a ransomware attack in 2022 was $4.54 million.
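The encrypt-then-drop-a-note behaviour described above is what endpoint monitoring looks for, and it is worth seeing how that translates into a detection rule. The following is an added example written for this article, not Sikich's code or any vendor's: it reads endpoint file-event records, flags a process that renames many files to a new extension within a short window and also creates a ransom-note-like file, and ignores a backup job that renames files but drops no note. The `ts|pid|process|OP|path[|newpath]` log format, the thresholds, the note-name markers and all sample events are constructed for illustration; real EDR telemetry would be normalised into the same tuples first.

```python
"""Behavioural detection of the ransomware pattern described above (rapid
file encryption, then a ransom note) over endpoint file-event records.

Added example for this article, not Sikich's code. The log format, the
thresholds, the note markers and the sample events are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Constructed tunables: RENAME_THRESHOLD extension-changing renames by one
# process within WINDOW counts as an encryption burst.
RENAME_THRESHOLD = 20
WINDOW = timedelta(seconds=60)
NOTE_MARKERS = ("readme", "decrypt", "restore", "recover", "how_to")

def parse_event(line: str) -> dict:
    """Parse 'ISO-ts|pid|process|OP|path[|newpath]' into a dict."""
    parts = line.strip().split("|")
    ts, pid, proc, op, path = parts[:5]
    ev = {"ts": datetime.fromisoformat(ts), "pid": int(pid), "proc": proc,
          "op": op, "path": path}
    if op == "RENAME":
        ev["new_path"] = parts[5]
    return ev

def changes_extension(ev: dict) -> bool:
    """True when a rename gives the file a different, non-empty extension."""
    old = PureWindowsPath(ev["path"]).suffix.lower()
    new = PureWindowsPath(ev["new_path"]).suffix.lower()
    return new != "" and new != old

def looks_like_ransom_note(path: str) -> bool:
    name = PureWindowsPath(path).name.lower()
    return any(m in name for m in NOTE_MARKERS) and name.endswith((".txt", ".html", ".hta"))

def detect(lines) -> list:
    """Return one alert dict per process that both burst-renamed files to a
    new extension and created a ransom-note-like file."""
    events = sorted((parse_event(ln) for ln in lines), key=lambda e: e["ts"])
    renames = defaultdict(list)   # pid -> timestamps of extension-changing renames
    notes = defaultdict(set)      # pid -> note paths created
    proc_name = {}
    for ev in events:
        proc_name[ev["pid"]] = ev["proc"]
        if ev["op"] == "RENAME" and changes_extension(ev):
            renames[ev["pid"]].append(ev["ts"])
        elif ev["op"] == "CREATE" and looks_like_ransom_note(ev["path"]):
            notes[ev["pid"]].add(ev["path"])
    alerts = []
    for pid, stamps in renames.items():
        # Sliding window over the (sorted) timestamps: does any WINDOW-long
        # span hold at least RENAME_THRESHOLD renames?
        burst, j = False, 0
        for i, t in enumerate(stamps):
            while stamps[j] < t - WINDOW:
                j += 1
            if i - j + 1 >= RENAME_THRESHOLD:
                burst = True
                break
        if burst and notes[pid]:
            alerts.append({"pid": pid, "proc": proc_name[pid],
                           "renames": len(stamps), "notes": sorted(notes[pid])})
    return alerts

def sample_events() -> list:
    """Constructed telemetry: one encrypting process, one noisy backup job,
    and an unrelated readme.txt created in Notepad."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    lines = []
    for i in range(25):  # 25 documents renamed to .locked in 25 seconds
        t = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{t}|4120|update.exe|RENAME|C:\\Users\\alice\\Documents\\file{i}.docx"
                     f"|C:\\Users\\alice\\Documents\\file{i}.docx.locked")
    t = (base + timedelta(seconds=26)).isoformat()
    lines.append(f"{t}|4120|update.exe|CREATE|C:\\Users\\alice\\Documents\\README_DECRYPT.txt")
    for i in range(30):  # benign: backup job renaming .sql to .bak, no note
        t = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{t}|880|backup.exe|RENAME|D:\\data\\db{i}.sql|D:\\data\\db{i}.sql.bak")
    lines.append(f"{base.isoformat()}|2200|notepad.exe|CREATE|C:\\Users\\alice\\Desktop\\readme.txt")
    return lines

if __name__ == "__main__":
    for alert in detect(sample_events()):
        print(alert)
```

Requiring both signals is the point of the example: the backup job exceeds the rename threshold but never drops a note, and the user's `readme.txt` is a note-like name with no rename burst, so neither produces an alert. In practice the rename burst alone is still worth a lower-severity signal, because a note is usually written only after encryption has already run.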

Email phishing remains the top social engineering method for delivering ransomware, and text-message phishing is increasing as well. Phishing scams include:

  • Bulk phishing emails sent to thousands or even millions of recipients, appearing to come from reputable global companies such as online retailers or financial institutions.
  • Spear phishing that targets specific individuals in order to gain authorized access to corporate data.
  • Angler phishing via fake social media accounts posing as trusted companies or individuals.

How Can Companies Prevent Social Engineering Attacks?

Employees and companies must work together to thwart these cyber-attacks. Employees should follow best practices such as:

  • Verify the identity of individuals before sharing sensitive information or performing requested actions.
  • Be cautious of unexpected or suspicious emails, messages, or phone calls, especially those asking for sensitive information or urging immediate action.
  • Regularly update and use strong, unique passwords for different accounts.
  • Enable multi-factor authentication whenever possible.
  • Stay informed about the latest social engineering techniques and educate yourself and your organization about cybersecurity awareness.
  • Use reliable antivirus and antimalware software to detect and block malicious attempts.

To counter the growing sophistication of social engineering attacks, organizations should implement robust cybersecurity practices:

  • Continuous Education and Awareness: Regular training and awareness programs can help individuals recognize social engineering tactics and risks associated with sharing sensitive information.
  • Strong Authentication Measures: Implementing multi-factor authentication and using strong, unique passwords adds an extra layer of security against social engineering attacks.
  • Incident Response Plans: Organizations should have well-defined incident response plans to effectively respond to and mitigate social engineering incidents.
  • Security Software and Monitoring: Employing reliable antivirus and antimalware solutions, as well as monitoring tools, can detect and block social engineering attempts.
  • Regular Updates and Patching: Keeping software and systems up to date with the latest security patches helps protect against known vulnerabilities that social engineering attackers might exploit.

Worried about cybersecurity? Ask the experts at Sikich for a consultation today.

This publication contains general information only and Sikich is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or any other professional advice or services. This publication is not a substitute for such professional advice or services, nor should you use it as a basis for any decision, action or omission that may affect you or your business. Before making any decision, taking any action or omitting an action that may affect you or your business, you should consult a qualified professional advisor. In addition, this publication may contain certain content generated by an artificial intelligence (AI) language model. You acknowledge that Sikich shall not be responsible for any loss sustained by you or any person who relies on this publication.
