Malware is a significant security concern on our modern networks. In this video, you’ll learn how malware and ransomware is used in cybersecurity attacks.
Malware is a very broad term. But it effectively describes any type of software that is doing bad things to your system. This may be gathering keystrokes and sending those keystrokes back to the attackers. It could be showing you advertising on your screen and the results of you viewing that advertising translates into dollars for the attacker, or this could be viruses or worms that are infecting your systems, encrypting your data, and effectively turning your day into a very bad day.
When we’re talking about malware, we’re talking about different types of malicious code. This could be viruses or worms that could infect your system, it may be the ransomware that’s encrypting all of the data on your storage drives, or this could be a Trojan Horse, where you think you’re installing software to perform a particular function, but in reality that software is installing malware.
There’s also rootkits, keyloggers, spyware, bloatware, logic bomb, and other categories of malware as well. Regardless of the malware type, all of these different methods can turn your system into a botnet, steal personal data, or encrypt everything that’s on your system.
We often think of malware as one event or one thing that occurs. But in reality, all of these different types of malware work together to infect your system. For example, you might have a worm that takes advantage of a known vulnerability on your system and automatically installs itself on your storage drive. It might then install additional malware that might have a remote access backdoor. And when the attacker connects to that remote access, they can install additional malware on your system to provide additional capabilities.
For this malware to infect your system, it has to somehow find a way to run on your computer. Normally, this would be something that you might click in your email message that then loads the malware into memory and uses the CPU of your system to be able to execute, or maybe it’s a pop-up message that you receive when you visit a website. You might also see, when you visit one of these malicious locations, that information is automatically downloaded into your system without you clicking on anything. We refer to these as drive-by downloads. And although they are relatively rare, there are still instances where a worm may be able to automatically propagate itself between systems, all by using a known vulnerability.
And of course, our computers have vulnerabilities inside of the applications and operating systems, even if those vulnerabilities have not yet been discovered by an attacker or a researcher. And that’s why we always tell you to make sure that all of your software is up to date to the latest version. Your operating system probably has updates that are pushed down to your system once a month. And your applications may be configured to automatically update themselves when the developer pushes out a new version.
The reason that all of this malware exists is because the data that we own is very valuable. This might be personal data, such as your family archives, your pictures, your family movies, or any important documents that you might have. If this is part of a larger organization, then you have planning documents, employee personal information, financial details, and anything else that might be private to that organization.
This information may be valuable on its own, or an attacker may find that you’re willing to pay them to recover this data after being encrypted. Either way, the data has value. And the attackers want to be able to take advantage of that value.
Many malware authors have found an entire business model based around ransomware. This is when they can infect your machine, encrypt all of the data on your computer, and then request you to send them money to be able to receive the decryption key.
If you’re ever infected with this type of malware, you’ll find that all of your personal data is suddenly encrypted. This would include all of your pictures, your movies, any documents, and anything else that might be in your personal folder.
Another thing you might find is that the operating system on this computer continues to work normally. That’s because the attacker wants you to be able to see the messages they put on the screen about your system being infected. So they want the operating system to continue to work, even if all of your data is no longer accessible.
The controversial part of ransomware is that the attackers often want money to be able to provide you with the decryption key. Once that cryptocurrency is sent to the attacker, they will send a decryption key, and you’ll be able to recover your data. This is, obviously, a very negative form of cryptography. And that’s one of the reasons we often tell you to always have a good backup. That way, if you do get infected with ransomware, you can delete everything on that system and restore from your known good backup.
An important consideration with these backups is that your backups should be stored offline. That way, if your system is infected with ransomware, the ransomware won’t have a way to identify the backup and infect the backup as well.
The ransomware may be using a vulnerability in your operating system to be able to install itself. And that’s another reason we often tell you to keep your operating system up to date to close those vulnerabilities. This also applies to the applications that are installed on your system. Applications can also have security vulnerabilities. So make sure you’re always running the latest version of that app.
And hopefully, our anti-malware software or antivirus software can recognize this malware before it is infecting your system. This anti-malware or antivirus software identifies this malicious code by using signatures. So it’s always important to keep those signatures up to date on your system so that you can block the newest forms of this malware.
Having a backup and keeping your system up to date are two of the fundamental best practices for preventing malware and other types of malicious software from running on your computer.