Malware, Ransomware, and Virus are commonly used terms to describe malicious programs in cybersecurity, yet people often conflate their meanings in an abstract way.
This article will explain each entity's definitions in detail and explore the core differences between them to prepare ourselves in case of an attack.
General Term Definitions
Malware: Short for "Malicious Software". Any software designed to perform harmful activities against the host system, client system or network services will be categorized as Malware. A variety of types and subsets exists under Malware, including Ransomware, Computer Virus, Trojan, Worm, and Spyware.
Ransomware: Ransom means release by payment. A subset of Malware programmed to block certain access and demand a ransom payment from the user in exchange for restoring that access is called Ransomware.
Virus: A type of Malware that infects other software and systems to perform malicious actions. Most viruses have features that let them spread when infected software can access other computers.
What is Malware?
Malware, or Malicious Software, is the top-level term that describes any software designed to harm the computer, which includes Viruses and Ransomware.
Other types of Malware are:
- Computer Worm
- Root Kits/Exploit Kits
- Logic Bomb
What can Malware do to you?
Harm from Malware can occur in various ways. It can seamlessly steal data, lock access to accounts, slow down system performance, and even destroy the entire operation. Some Malware activities are made visible to the user for a reason, while most activities happen under the surface to stay concealed as long as possible.
- Steal Identity
- Data Breach
- Credit Card Fraud
- Software Corruption
- Reduce System Performance
- Access Limitation/Block
Malware Infection Method
Malware infection starts in many forms, commonly through unauthorized software downloads, email attachments, shared files, malicious website browsing, and connecting infected portable devices.
One of the methods with a higher data breach success rate is Scareware, which attempts to infect the target device by displaying a fake Anti-Virus program interface. The alert is full of information claiming that virus activity was detected on the device and that the user needs to allow an application to be downloaded for protection.
What is actually happening is that the alert is fake and the system is not yet infected by a virus. Instead, installing the suggested quarantine application is what injects the malware and causes the infection.
How to Prevent Malware Infection?
Malware comes from a variety of sources, and millions of infection methods are reported. There is no golden hammer to prevent them all at once, but here are the fundamental tips to prevent general infections from commonly known Malware.
1. Install Anti-Virus/Malware Software
2. Keep Anti-Virus with Latest Patches
3. Schedule Anti-Virus Scans Regularly
4. Use Latest Version of Operating System with All Security Patches
5. Maintain Clean Network Environment
6. Avoid Open Wi-Fi
7. Never Expose Privacy Information
9. Use Password Manager
What is Ransomware?
Ransomware is a type of Malware that locks users out of their system while demanding a ransom to release it. Hackers who use Ransomware can remotely gain full control over the system, which makes the attack much more dangerous and complex to resolve compared to other types of Malware.
What can Ransomware do to you?
Ransomware will block your access to the computer or device. Commonly, a lock screen generated by the Ransomware will appear with a threatening message that includes the ransom amount and detailed instructions for obtaining the release.
The type of access restriction depends on each program. Screen locker Ransomware blocks users' login access to the account by applying an additional lock layer or changing the OS password. In other cases, data kidnapping attacks encrypt stored data and block any access, even when the hard drive is loaded from another machine.
The ransom amount can change based on a variety of factors. For example, the importance of the locked data, the urgency of data access, the size of the hostage data, and how much risk the hacker estimates can all cause the amount to fluctuate. For individual cases, the ransom can be anywhere from a few hundred to a thousand dollars, while corporation cases can go over $10,000 if the infection is widely spread. In the end, the ransom amount is entirely up to the hacker's request.
Overall, there is no guarantee that the lock will be released after the ransom payment. Negotiation with hackers can never be trusted.
Ransomware Infection Method
The entry paths for Ransomware infection can be narrowed down to a few methods, which include phishing emails, exploit kits and malvertising.
Phishing Emails: Email with content made by social engineering strategies to instruct the receiver to install the malware.
Exploit Kit: A highly automated application designed to silently exploit security holes in the target computer/device. A compromised web page attempts to install malware through a browser vulnerability.
Malvertising: Short for Malicious Advertising. A website, sketchy or legitimate, can display malicious ads and popups when infected with injected malware code. Malvertising launches online attacks on visitors' computers when activated through clicking or opening.
How to Prevent Ransomware Infection
- Install an Anti-Virus/Malware application with the latest patches.
- Protect browser using AdBlock extensions/addons.
- Update the operating system to the latest release. Check often for software updates, especially for the browser.
- Set a schedule to back up data to a separate directory regularly.
- Avoid opening unfamiliar emails, clicking sketchy links, and installing unauthorized applications.
How to Remove Ransomware Infection
If you believe your device is infected with Ransomware, take a moment to understand the technical aspects and potential solutions. Paying the ransom is the last thing you want to do. There is no guarantee the lock will be released after the payment, and paying will only encourage ransomware activities by giving them a higher success rate.
For non-technical users, the best way to recover your data is to turn off the device and seek advice from a specialist. The tactics used by this type of attack are highly technical and must be handled by people who have an in-depth understanding.
To recover data from a Ransomware attack, a backup file or active backup system is required.
1. Take a picture of the Ransomware screen and make a cybercrime report.
2. Disconnect the device from the online network, the internal network, and any physical connections to other devices.
3. Make sure the backup files exist and are not infected. Perform the verification by connecting the backup to a non-infected device and scanning it with an Anti-Virus application. If the files are infected, the infection may spread to the attached device.
4. Perform a clean OS installation by wiping out the entire disk.
5. Restore the backup data to the clean OS.
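Step 3 relies on an Anti-Virus scan. As a complementary check before restoring, the following Python sketch (an added example, not part of the original article) flags backed-up files that already look encrypted, which is what a data kidnapping attack leaves behind. The signature table, the 7.5 bits-per-byte threshold and the sample files are assumptions chosen for illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Leading "magic" bytes of a few common formats (well-known file signatures).
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04"}
ENTROPY_LIMIT = 7.5  # bits per byte; assumed threshold, tune it on your own data


def shannon_entropy(data):
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def assess_backup_file(name, data):
    """Return 'ok', 'bad-signature' or 'looks-encrypted' for one backed-up file."""
    magic = MAGIC.get(Path(name).suffix.lower())
    if magic is not None:
        # Known format: an encrypted file no longer starts with its signature.
        return "ok" if data.startswith(magic) else "bad-signature"
    # Other formats (text, CSV, ...): near-random content is suspicious.
    # Limitation: compressed files of unlisted types also score high.
    return "looks-encrypted" if shannon_entropy(data) > ENTROPY_LIMIT else "ok"


def scan_backup(root):
    """Map each file under root to its verdict, reading only the first 64 KiB."""
    results = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            with path.open("rb") as fh:
                head = fh.read(65536)
            results[str(path.relative_to(root))] = assess_backup_file(path.name, head)
    return results


if __name__ == "__main__":
    # Constructed sample backup: random bytes stand in for encrypted content.
    with tempfile.TemporaryDirectory() as backup:
        Path(backup, "invoice.pdf").write_bytes(b"%PDF-1.7\nsample body\n")
        Path(backup, "photo.jpg").write_bytes(os.urandom(4096))
        Path(backup, "notes.txt").write_bytes(os.urandom(4096))
        for name, verdict in scan_backup(backup).items():
            print(f"{verdict:16} {name}")
```

Run it from the non-infected device against a read-only mount of the backup, and treat any verdict other than `ok` as a reason to fall back to an older backup generation.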
What is a Virus?
A computer virus is also a type of Malware, with a stronger ability to spread to different computers and devices. The key characteristic that distinguishes a Virus from other malware is that a Virus lives by forcefully manipulating other software's behavior and does not exist as an entity without a host. The infected device will itself become a source of the virus, causing further spread.
What can Virus do to you?
Harm from Virus comes in many shapes. Some can dramatically slow down system performance while others will breach security without any visibility.
Computer users have started applying the name Virus to any program or software that brings them any sort of disadvantage. Therefore, the negative impacts caused by viruses do not have a clear categorization that separates them from other types of Malware.
Virus Infection Method
Because Virus is designed to multiply by infecting other devices, many infection tactics and strategies are observed throughout its long history of activities. The following are the top 5 common ways to be infected with computer viruses.
1. Downloading software from unauthorized websites or sources.
2. Opening contaminated email attachments.
3. Connecting infected files through network, device, disk, or external storage.
4. Clicking links to malicious websites or ads.
5. Pirating, P2P Sharing, Torrenting.
Catastrophic Cyber-Attacks Caused by Malware
Today we are well educated about malicious emails, and Anti-Virus applications scan for them automatically.
However, in early 2000 there was little to no awareness of virus-carrying email.
Around the same time, an email titled "I love you" with an attachment named "LOVE_LETTER_FOR_YOU.TXT.vbs" started to arrive in many offices throughout the nation. This strategy turned out to be one of the most effective ways to lure people into opening the attachment, causing a total of $15 billion in damage overall.
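The attachment name above works as a lure because Windows hides known file extensions by default, so a name ending in ".TXT.vbs" is displayed as if it were a text file. The following Python sketch is an added example, not part of the original article: it parses an email and flags attachments whose final extension is executable, especially when a decoy document extension sits in front of it. The extension lists and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions Windows runs or interprets on double-click (assumed subset;
# extend it to match your mail gateway's blocklist).
EXECUTABLE_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".exe", ".scr",
                   ".bat", ".cmd", ".com", ".pif", ".lnk", ".hta", ".ps1"}
# Extensions users read as "just a document"; the decoy half of the name.
DECOY_EXTS = {".txt", ".doc", ".docx", ".pdf", ".jpg", ".png", ".xls", ".xlsx"}


def classify_attachment(filename):
    """Return 'double-extension', 'executable' or 'ok' for a file name."""
    suffixes = PurePosixPath(filename.strip().lower()).suffixes
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"


def scan_message(raw_bytes):
    """Parse an RFC 5322 message; return (filename, verdict) per attachment."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        findings.append((fname, classify_attachment(fname)))
    return findings


def build_sample():
    """Constructed sample message with harmless placeholder attachments."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("Please see the attached file.")
    for name in ("LOVE_LETTER_FOR_YOU.TXT.vbs", "notes.txt"):
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_bytes()


if __name__ == "__main__":
    for fname, verdict in scan_message(build_sample()):
        print(f"{verdict:18} {fname}")
```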
CryptoLocker is a Ransomware that has attacked millions of Microsoft Windows computers since 2013. The attack was conducted by sending malicious emails to many organizations, locking and encrypting data once the attachment was opened.
After the infection, an additional email was sent requesting a ransom in exchange for releasing the lock. The FBI offered a $3 million reward for finding the lead hacker behind the creation of CryptoLocker.
Within 100 days there were 500,00 victims reported and total financial damage ran up to $30 million. This is known as the most brutal Malware incident in history.
Malware Myths and Truths
Myth 1: Mac Computer Does Not Get Infected by Virus
It is true that a virus designed for Windows OS cannot harm Mac, and there are fewer types of Mac-based viruses. This doesn't mean Mac is completely immune to viruses. In fact, a virus called Elk Cloner, written in 1982, was made to infect Mac OS.
Recent research shows that over 16 million instances were reported in April 2019 alone, which is four times more incidents compared to past months over the years. This indicates hackers have found ways to create effective Mac viruses and, more importantly, are finding value in attacking Mac users.
Truth: Mac computers can get infected by viruses.
Myth 2: User can Naturally Detect Malware or Virus Infection
When imagining a typical virus-infected computer, many people think of random popups and warning screens bouncing around. This is a big misconception. Most malware/virus activity happens completely under the surface, and it is nearly impossible to detect without specialized detection tools. A good practice is to install an Anti-Virus application and run it regularly even if you think you are virus-free.
Truth: Some malware and viruses completely hide their activities.
Myth 3: Virus Brings No Harm If Nothing Important Is Stored on Computer
Some viruses specialize in stealing online activity through browser interactions, and it turns out there is much valuable information that hackers can extract from browser surfing.
For example, analyzing the global network IP can trace a user's personal information such as name, age, and home address. Access to social sites may lead to getting hold of usernames and passwords, as well as communication with friends and family.
Truth: Online activity exposure can cause account and social identity breaches.
Although the concepts of Malware, Ransomware, and Virus may sound similar, each term can be used to define specific types and characteristics of a cyberattack entity. Overall, Malware is the parent term for any malicious program, which includes Virus and Ransomware.
All Malware has the potential to steal private information from you, cause critical damage to the device, and spread to other systems.
Always have an Anti-Virus application installed on your system to keep yourself and your information protected.