When you hear the words “virus”, “ransomware”, and “malware”, you intuitively think “cyberthreat”. People often use the above terms interchangeably when they talk about a malicious digital attack. However, those terms are not the same. Knowing what they refer to can help you prevent or tackle cyber threats successfully. Understanding the difference between main types of malicious software helps you create the right plan of action, protect your devices and prevent data loss. This post explains the difference between a virus, ransomware, and malware and offers helpful advice on fighting cyber threats.
Before We Start
NAKIVO Backup & Replication is an agentless, affordable, all-in-one data protection solution for physical, virtual and SaaS environments from a single pane of glass. The solution also offers immutable backup features to protect backup data against ransomware threats and related data loss.
Virus, Malware and Ransomware: Clarifying the Differences
Malware is a broad term that describes software bearing malicious code. Therefore, when we talk about any type of malicious software, we can refer to it as malware. With this being said, viruses and ransomware are just two types of malware. However, there are more types of malware than this, including:
- Spyware — a program used by cybercriminals to spy on the victim’s device. With its help, the attackers can steal names, social security numbers, credit card credentials, usernames and passwords. Having this information may be enough for breaking into your digital environment.
- Bots — vicious malware that connects compromised computers to a central server. Together, all hacked computers form a botnet. Cyber criminals can control the affected computers in a botnet from a central device. Botnets may involve millions of computers, yet still remain undetected. At one point, when a target doesn’t suspect a thing, a hacker can use a botnet to send a phishing mail, infect your service with spam, steal your credentials and, finally, launch a massive denial of service (DDoS) attack.
- Rootkits — hostile programs that can remain in your computer while being undetected. A hacker can use a rootkit to gain privileged access, alter system configuration and download more malicious software.
- Worms — a type of malware that can replicate itself and spread from computer to computer on the infected network. Worms do not need to attach themselves to any software program in order to cause damage. Once in the system, worms can delete, change, and steal the data as well as deploy more malicious malware.
- Trojan Horses — a type of malware that needs a host to attach to. A trojan horse can spread through phishing mail or a fake antivirus solution on a malicious web. Once trojans are installed, they hide in the legitimate program and start spying and altering data on the affected machine.
- Adware — malware you can find in malicious pop-ups. Those pop-ups may appear when you try to download free games or unlicensed software. Adware can bring relatively mild to medium performance degradation due to the extra load on your device lowering the speed of your machine or even downloading spyware.
Now that we’ve covered some basics, let’s come back and compare viruses and ransomware since both of them occur more frequently than other types of malware.
What is a Virus?
A virus is a harmful software that you can acquire by visiting an infected website. You may not even know that you have downloaded a virus that is now actively running on your computer. Viruses can cause a lot of damage by corrupting your software applications, deleting files or even reformatting the hard drive. Viruses can slow the performance of your computer and cause systemic crashes.
There are certain stereotypes or myths about viruses circulating on the internet. Let’s debunk the myths by presenting the real facts:
- Myth: I can tell right away that a virus has hit my computer. — This is not true. Often, a virus sneaks in unnoticed, and you can never tell before you discover the damage it caused.
- Myth: I can’t download a virus from a credible website. — The truth is that hackers tend to infect reputable websites to compromise their future victims. You can get a virus by just viewing the malicious ad without even clicking on it.
- Myth: I am virus-protected if I use Apple OS. — Not true, hackers can modify a virus to invade any type of OS.
- Myth: I can safely open attachments if they come from trusted sources. — False, some viruses can infect contact lists. Thus, even an attachment from a friend or colleague can transport a virus.
- Myth: I shouldn’t be intimidated by a virus if I don’t keep important data on my computer. — Absolutely untrue! Hackers can use your device as a part of a botnet and launch attacks from your computer on other machines.
- Myth: I am fully protected from viruses if I use a firewall. — Unfortunately, firewalls can’t stop viruses from infecting your computer. Firewalls can filter your traffic and restrain unauthorized access. However, a virus still can get into your computer via phishing emails or infected websites.
What is Ransomware?
Now let’s talk about ransomware. Ransomware is a type of malware that can enter your computer via a compromised file and put a lock on some or even all of your files. Ransomware uses encryption, a technology that can turn your data into unreadable code.
Encryption is usually used to safeguard your data. However, in the hands of cybercriminals, encryption becomes an evil tool. Once your data is locked, you need a decryption key to unlock it. Hackers can give you a decryption key if you pay a ransom.
As a rule, hackers demand a high ransom amount in return for a decryption key. A ransomware message displayed on your machine shows the amount demanded along with the due date. If you fail to pay by the due date, the attacker may delete your files or sell your information on the dark web. Nowadays, the ransom amount is asked in cryptocurrency.
Businesses often give in to the demands of the hackers and pay the ransom to avoid the news of the attack going public. However, paying the ransom is not the best way of solving the problem. After all, hackers often do not comply with the agreement — they may still leak the data or even worse, delete it.
To combat hackers today, most companies rely on backups. If you backup your data diligently, you can always recover it in case of a ransomware attack. Recovering by means of a backup allows you to get your data back and avoid all the trouble associated with paying the ransom. To back up your data smartly follow the well-regarded 3–2–1 approach, which says to have at least three copies of your data, two of which you store onsite and one offsite or in a remote location on a distant server.
How Does Ransomware Infect Machines?
Phishing mail is the most common way of ransomware infection. Phishing mail can appear absolutely legitimate and can come from a trusted person. You may not even notice that a couple of letters in the email address have been changed. If you don’t see anything suspicious, you may follow the infecting link or attachment in the email and end up downloading a malicious payload.
Another way to get ransomware is by clicking the links on social media sites or visiting malicious websites. In case your device has already been incorporated into a botnet, there is always a chance that it can be further infected with additional malware.
We’ve already covered common myths about viruses. There are also misconceptions about ransomware. Let’s look at some of them.
- Myth: Ransomware doesn’t attack single individuals; it’s just after the businesses. — False. Both individuals and businesses can fall victim to ransomware.
- Myth: I will certainly get my data back if I pay the ransom. — No, paying the ransom doesn’t guarantee having your data back. In fact, often cybercriminals do not follow through on their promises. As a result, you may lose your money but never get your data the way it was prior to the attack.
- Myth: My data is safe if I have backups. — Not, exactly, in some cases ransomware can also encrypt backups. To keep your backups protected, follow the 3–2–1 approach and don’t share your backups with other users. Also, use immutable backup targets.
When it comes to malware, there are four questions that are commonly asked:
1. How do I detect malware?
2. How do I protect myself from malware?
3. How do I remove malware and
4. What is the most destructive malware?
Let’s try to answer those questions one at a time.
How Do I Detect Malware?
The common signs of malware are slow device performance, program and system crashes, uncontrolled device behavior (your computer spontaneously opens and closes programs or sends out malicious email messages). In addition, you may experience unexplained data loss or become bombarded with evil pop-ups and messages. In the worst-case scenario, you may be left staring at the dreaded Blue Screen of Death (BSOD). BSOD is a bad sign that indicates a serious systemic issue, and as the name suggests, is just a blue screen with nothing on it.
How do I Protect Myself from Malware?
First of all, you need to get a firewall and keep it updated at all times. Second, you should always use the newest version of your OSs and applications to avoid software vulnerabilities. Third, you need to set up your browser security settings and block pop-ups. Next, follow basic security standards:
- Don’t open emails or messages from unknown persons
- Scan free software before making the download
- Come up with strong passwords
- Update your credentials regularly
- Back up your data regularly
- Stick to the 3–2–1 rule
How do I Get Rid of Malware?
To be frank, malware removal is not an easy task. When you need to remove malware, ask for professional assistance. Don’t attempt to do it on your own because it’s not hard to miss some parts of malware in the affected computer. Therefore, you may end up running leftover malware without knowing it.
Here’s a simple algorithm to remove malware from your computer:
- Use antivirus to detect malware.
- If you find malware, delete it (The deletion should take place automatically. However, if this isn’t possible, ask your security vendor for assistance).
- Format the drive.
- Recover your data and reinstall programs.
- Figure out the reason for the infection.
- Educate employees at your organization about cybersecurity rules.
In case you fall victim to a ransomware attack, do the following:
- Disconnect your computer from any networks.
- Make a photo of the log screen to find out the type of ransomware.
- Scan all disks and delete malware by using read-only media.
- Ask for a technician’s help if you have an issue.
- Don’t pay any ransom.
What is the Most Destructive Malware?
MyDoom or Norvarg is a worm that you can acquire with a phishing email. It’s been around for 16 years. A reward of $250,000 has been offered for finding the creator of MyDoom. Despite that, nobody knows yet who designed it. MyDoom caused a lot of damage in 2004 by launching a DDoS attack that resulted in $ 38,000 of damage. During the attack, MyDoom infected a large number of computers. Then it took over their email lists and sent copies of itself to new victims. As a result, the infected computers formed a botnet and initiated a DDoS attack on Microsoft.
ILOVEYOU is a worm that was created by a hacker from Philippines, Onel de Guzman, in 2000. At that time, Onel de Guzman was a college student. He didn’t have much money back then. Because of this, he designed a worm to log into online services without paying. The worm sent an email in the form of a love letter. After the victim opened the letter, the virus was installed. Then it sent out tons of emails to the victim’s contacts. Overall, the virus caused $15 billion of damage. Onel de Guzman was shocked! He didn’t expect the whole matter to get that big. However, the Philippines didn’t have laws against cybercrime back then. And Onel de Guzman was not prosecuted. Now, the hacker resides in Manila and feels sorry about creating ILOVEYOU.
WannaCry is ransomware that in 2017 infected 200,000 computers in 150 countries, causing financial damage of $4 billion. This ransomware attacked governmental establishments and hospitals. In the course of the attack, the hackers asked for $300–600 in bitcoins from their victims. The malware exploited Microsoft’s vulnerability in Server Message Block (SMB) protocol. An interesting fact is that Microsoft tried to protect the systems of its users two months prior to the attack by releasing a security patch. However, those customers who didn’t take advantage of the patch fell victim to the attack.
Now you know the difference between malware, viruses, and ransomware. Malware invasions are a huge issue in cyber security today. Companies get frequently infected with worms, trojans and ransomware. Having knowledge about the various types of malware is the first step in combating malware. The second step is getting a backup solution to recover your data in case data gets lost because of malware.
NAKIVO Backup & Replication is an all-in-one backup solution that can protect virtual, physical, cloud and SaaS environments from data loss related to malware attacks. To ensure a full recoverability of your data, perform regular and efficient backups, and store those backups onsite, offsite, in the cloud and on tape. The solution also delivers immutable backup repositories to protect your backup data from encryption by ransomware.
To learn more about viruses, ransomware, and malware click here.