Malware – CompTIA Network+ N10-009 – 4.2

Malicious software can cause significant damage to nearly any system or network. In this video, you’ll learn about different malware types and how attackers use ransomware to encrypt data and extort users for financial gain.


One constant challenge we have both at home and in our offices is the threat of malware. Malware is a broad term that describes many different types of malicious software that can cause problems, steal data, and effectively disrupt your entire computer. Sometimes these are capturing information that you’re typing in or capturing images from your webcam. There might be multiple computers infected with malware, and they’re all working together as one botnet.

Perhaps this malware is really designed just to show you advertising. So it’s making money for the attacker or the author of the malware. And there may be viruses and worms that are able to replicate themselves either with your help or without your help and infect other devices that may be on your network.

Malware that uses humans to replicate and spread is generically called a virus. This is a very broad term that is used to describe many different types of malware. But one common trait of viruses is that they require human intervention to replicate themselves from one machine to another.

This is different than malware that’s delivered as a worm. A worm is malware that’s able to replicate itself from one computer to another, but it’s able to do it without any type of human intervention. For that reason, worms are considered to be much more dangerous than a virus is. With a virus, we can simply choose not to click on a particular link. With a worm, that malware can replicate itself without any type of human intervention.

Ransomware is a category of malware that gets on a system and begins encrypting all of your personal data. The ransom part of ransomware is that the attacker will give you the decryption key, but you’ll have to pay for it. Very often, you’re sending cryptocurrency or some other type of currency to the attacker, and they’re providing you with a key that you can then use to unlock your system. You’re effectively having to pay the ransom to get your data back.
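From the defender's side, encrypted data is statistically close to random, so a document that is normally plain text stands out once it has been encrypted. The following is an added example, not part of the original video: a byte-entropy heuristic whose threshold, minimum size, extension list and sample files are all assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# Extensions whose contents are normally low-entropy text. Compressed formats
# (.zip, .jpg, .docx) are high-entropy when healthy, so they are not judged here.
TEXT_EXTENSIONS = {".txt", ".csv", ".log", ".json", ".xml"}
MIN_BYTES = 1024   # assumed cutoff: below this the entropy estimate is too noisy
THRESHOLD = 7.5    # assumed cutoff in bits per byte; the maximum possible is 8.0


def shannon_entropy(data: bytes) -> float:
    """Return the Shannon entropy of data in bits per byte (0.0 for empty)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def suspicious_files(files: dict[str, bytes]) -> list[str]:
    """Names of text-type files whose contents look encrypted."""
    flagged = []
    for name, data in sorted(files.items()):
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext not in TEXT_EXTENSIONS or len(data) < MIN_BYTES:
            continue
        if shannon_entropy(data) >= THRESHOLD:
            flagged.append(name)
    return flagged


def _random_looking(n: int) -> bytes:
    """Constructed stand-in for ciphertext: a SHA-256 counter stream."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


# Constructed sample data, not taken from any real incident.
SAMPLE = {
    "notes.txt": b"Quarterly planning notes for the finance team.\n" * 100,
    "payroll.csv": _random_looking(4096),  # text file that now looks encrypted
    "photo.jpg": _random_looking(4096),    # high entropy is normal for JPEG
    "tiny.log": _random_looking(64),       # too small to judge
}

if __name__ == "__main__":
    for name in suspicious_files(SAMPLE):
        print(f"{name}: contents look encrypted")
```

A hit from a check like this is a prompt to investigate, not proof of ransomware, since legitimately compressed or encrypted data saved under a text extension scores the same way.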

A Trojan horse is malware that gets on your system by pretending that it’s something else. You could be presented with an executable that says it’s a game. When you click that executable, it is installing software that does appear to be a game. But behind the scenes, there is malware that’s infecting your system.

A rootkit is malware that’s able to hide within your operating system itself. This means it’s very difficult to detect because it’s part of your operating system itself. It’s also very difficult to eradicate.

When keyloggers infect a system, they’re going to record every key that you press. This is especially important during the login process, where this keylogger will record your username and your password. It will then send that information to the attacker, and now they have access to the same systems that you do.

Adware and spyware are especially good at presenting you with advertisements on your screen, and each advertisement is making money for the malware author.

Although bloatware is not directly malicious, it is software that does cause problems on your system. Bloatware is software that’s usually preloaded on a system, and often it’s software that you’ll never use. This bloatware takes up space on your storage drive, and often it has processes that are actively running in the memory of your system. If you were to remove this bloatware, you would free up those resources for legitimate applications.

And logic bombs are especially good at waiting for a particular event to occur, and then they execute. Often this is a time of day or a day of the week. And when that particular time or date is reached, the malware begins to execute on your system.

Very often, multiple types of malware are working together to infect your system. Here’s a very common scenario where a worm might take advantage of a vulnerability that’s on your system because you did not update to the latest series of security patches. Once that worm finds its way onto your system, it then embeds some malware in the form of a remote access backdoor, which then allows anything from that particular malware author to gain access to your system. And often, they will install a bot on your system where they are now able to view and control your computer remotely.

For any of this to work, there has to be some executable that runs on your system. With a worm, that executable can run automatically. But very often, that executable needs you as a human to be able to click on something. That’s why we often say as a best practice you should never click a link that’s embedded within an email on your system. You might also see pop-ups appear from a website that entice you into clicking those. Those might also run an executable. And you also have drive-by downloads that may download an executable onto your system without you having to click anything on a particular web page.

And as we’ve already mentioned, worms can move from machine to machine without you clicking anything. Fortunately, worms are relatively rare, and it’s very unusual to find one that can move from system to system. This is why you constantly hear of the best practice of keeping your system up to date with the latest security patches. If your system has closed those holes and there are no vulnerabilities in your operating system, you can prevent this malware from embedding itself into your system.

And of course, the same thing applies to the applications that are running on your system. Make sure that not only the operating system is updated but all of your applications as well. Ultimately, the malware authors want to somehow make money from your system. And occasionally, they will make that money by taking your data.

Ransomware is a good example of this because with ransomware, your personal data is very valuable to you. And if someone were to encrypt all of this information, you could be enticed to provide them with the ransom to be able to get your data back. If ransomware hits a system at work, the stakes are a little different. There may be planning documents for the company. There could be employee details and Personally Identifiable Information, or PII. Or there might be private information and financial details that the company does not want to make public to others.

There is usually a number associated with the value of this information, and it’s not unusual for organizations and individuals to work with the malware authors to provide them with the ransom they’re looking for in exchange for their data.