Written by Rob Young, Group Managing Director – 17th of August 2017

What is Malware and what does it do?

Malware is short for malicious software. It is code, a script or software that is specifically designed to damage, encrypt, steal, or perform illegitimate actions on devices, data, hosts, or entire networks.

There are many different types of malware that have varying ways of infecting systems and propagating themselves. You may have heard of WannaCry, Locky, Rapid or Petya recently.

Malware is commonly delivered via an email attachment such as a ZIP file, attached as macros to certain email files, or downloaded with files from the internet. It cannot damage the physical hardware or network equipment, but it can damage the data and software that resides on them.

The two main types of Malware

Two of the most common types of malware are known as viruses and worms. These types of programs are able to self-replicate and can spread copies of themselves. To be classified as a virus or worm, the malware must have the ability to grow on its own. The main difference between these two is that a worm operates more or less independently of other files, whereas a virus depends on a host program to spread itself. We explore each in more detail below.

Computer Viruses

A computer virus is a type of malware that propagates by inserting a copy of itself within another program. As with human viruses, a computer virus can easily spread from one computer to another. Viruses can range in severity from causing annoying functionality bugs to damaging data or software and causing denial-of-service (DoS) conditions throughout the network.

Worms

Unlike computer viruses, worms are standalone software and do not require a host program or human help to propagate. A worm enters a computer through a vulnerability in the system setup and takes advantage of file-transport or information-transport features on the system, allowing it to travel around unaided. Like viruses, worms are able to self-replicate and can therefore cause the same type of damage.

Is Ransomware a type of Malware?

Yes, ransomware is a type of malware that cleverly blocks access to your computer files and can quickly spread to other devices on the network. Cyber criminals encrypt devices and ask victims to pay a substantial ransom to retrieve their data. However, there is no guarantee that the data will be decrypted once the ransom is paid.

There are three types of ransomware in circulation:

1: Encrypting ransomware

It’s designed to block system files and demand payment to provide the victim with the key that can decrypt the blocked content. Examples include ZeptoRAA, Crypto and more.

2: Locker ransomware

Locks the victim out of the operating system, making it impossible to access the desktop and any apps or files. The files are not encrypted in this case, but the cyber criminals still ask for a ransom to unlock the infected computer. Examples include Winlocker.

3: Master Boot Record ransomware (MBR)

Overwrites the master boot record (MBR) of the affected PCs, leaving their operating systems in an unbootable state. Examples include Satana and Petya ransomware.

Like malware, ransomware removal can be very complex and is best left to professionals.

What is Crypto Ransomware?

It’s a form of the encrypting ransomware described above. Crypto ransomware encrypts files stored on the user’s computer or mobile device. In its simplest form, the encryption corrupts the contents of a file so that it is unreadable by either the user or the device itself. To restore the file for normal use, a decryption key is needed to decrypt it.
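Because encrypted content looks random and loses the header its file type normally starts with, that change can be spotted from the defender's side. The sketch below is an added example, not part of the original article or any vendor's product; the file names, sample contents and the 7.5 threshold are constructed assumptions.

```python
import hashlib
import math
import os
from collections import Counter

# Well-known leading "magic" bytes for a few common file formats.
MAGIC = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".zip": b"PK\x03\x04",
    ".docx": b"PK\x03\x04",  # Office Open XML documents are ZIP containers
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, approaching 8.0 for random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(name: str, data: bytes, threshold: float = 7.5) -> bool:
    """Flag near-random content that no longer starts with its format's header.

    Compressed formats (ZIP, PNG, JPEG) are also high-entropy, so entropy alone
    would misfire on them; an intact header clears the file.
    """
    magic = MAGIC.get(os.path.splitext(name)[1].lower())
    if magic is not None and data.startswith(magic):
        return False
    return shannon_entropy(data) >= threshold

def pseudo_random(n_blocks: int = 128) -> bytes:
    """Constructed stand-in for ciphertext: deterministic SHA-256 output."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n_blocks))

# Constructed sample files (name -> content); none are real documents.
SAMPLES = {
    "report.pdf": b"%PDF-1.4\n" + b"BT /F1 12 Tf (Quarterly report) Tj ET\n" * 100,
    "invoice.pdf": pseudo_random(),                 # header gone, random-looking
    "backup.zip": b"PK\x03\x04" + pseudo_random(),  # compressed but header intact
    "notes.txt": b"Meeting moved to Thursday at 10am.\n" * 100,
}

def flagged(samples: dict) -> list:
    """Return the names of samples that look encrypted, sorted."""
    return sorted(n for n, d in samples.items() if looks_encrypted(n, d))

if __name__ == "__main__":
    print(flagged(SAMPLES))
```

A hit is a triage signal rather than proof: files that are legitimately encrypted, or compressed in a format not listed in `MAGIC`, will score just as high.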

How to protect your business from Malware attacks

Ask yourself these five questions:

  1. How secure is your business setup?
  2. What antivirus software is in place, and does it also prevent malware? (Many don’t.) Intercept X by Sophos is a brilliant way of protecting yourself from all the different types of malware.
  3. Do you have sufficient disaster recovery and backups in place?
  4. What security protection do you have in place for emails?
  5. Do you have a sufficient firewall in place?

As IT Security specialists, Infinity Group have helped many new clients over recent months due to the recent WannaCry, Locky and Petya malware attacks. If you would like to speak to one of our IT Security Consultants to discuss your current setup, or to find out more about Sophos Intercept X malware protection or the Government-backed Cyber Essentials security audit scheme, please get in touch.

 Don’t get caught out!