The Difference Between Ransomware and Malware
Worldwide attacks on hospitals and industrial systems using a new form of malware called ransomware have recently come to light in the press, and it is evident that a new kind of malicious software is on the rise. These attacks bring up an important question: is there a difference between this new “ransomware” and traditional malware? In simple terms: yes. There is a difference between ransomware and malware.
Ransomware is a new form of malware that has a more specific task in mind – to extort money. So it’s not a matter of whether there’s a difference between ransomware and malware. Ransomware is simply a different type of malware.
Traditional malware usually comes packaged as a computer virus or worm. A virus will often affect a single computer and can run all sorts of unwanted programs that transfer private data from the machine over the internet, corrupt critical files and effectively destroy the software of the device, or even sit quietly and monitor a user’s keystrokes to try to glean passwords. A worm, on the other hand, will affect one computer and then attempt to spread to other computers on the same network. A worm’s goal is usually the same as a virus’s, but it can spread to multiple machines instead of being a localized infection. This malicious code usually arrives inside something like a document or spreadsheet attached to an email – which is why you see such stress placed on never, ever opening emails or attachments if you’re not sure where they originate.
Modern malware can carry much larger payloads than traditional malware – often including multiple viruses or worms in combination, so it is difficult to find and eliminate all of the malicious code. Modern malware can also find its way in through many other security holes, such as software that hasn’t been updated to patch out security flaws – Adobe Flash Player is a prominent example of this. This behavior fundamentally changes the defense strategy for protecting your systems from malware: it moves from training users to recognize attack attempts to also keeping up with malware manufacturers on their latest techniques and making sure all software vulnerabilities are patched.
What Makes Ransomware Dangerous
Ransomware is a form of modern malware, but it differs from other malware primarily in what it does after it has successfully breached a machine. Once malware infects a device, its symptoms can range from the annoying to the slightly malicious, such as deleting files or changing system configurations, all the way up to reformatting a disk or corrupting data. It can often remain hidden, communicating with a control system so it can eventually become part of a botnet and participate in a distributed denial of service (DDoS) attack, or it may simply send back keystroke information containing passwords or document information.
Ransomware does not take the subtle approach. As the name suggests, the software enters your system then holds it ransom for some form of payment. This usually takes the form of encrypting your data so you can no longer access it until payment is made to restore the machine. However, much like mobsters running a protection racket, one payment is never enough. The ransomware will take your money, potentially go dormant for some time, then return to extort more money from you again and again until you get rid of the software at its source. It is also entirely possible that the ransomware will take your money, then continue to hold your machine ransom anyway.
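The encryption behavior described above leaves a measurable trace that defenders can check for: encrypted content has close to 8 bits of entropy per byte. The following is an added example, not part of the original article, that triages a sample of files by entropy while excluding legitimately compressed formats; the thresholds, function names, and sample files are assumptions constructed for illustration.

```python
import gzip
import hashlib
import math
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, tune per environment
ALERT_RATIO = 0.5        # assumed: alert when half the sampled files look encrypted
# Formats that are legitimately high-entropy, recognised by their leading magic bytes.
COMPRESSED_MAGIC = (b"\x1f\x8b", b"PK\x03\x04", b"\xff\xd8\xff", b"\x89PNG")

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, 8.0 at most."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(data: bytes) -> bool:
    """High entropy without a known compressed-format header."""
    if data.startswith(COMPRESSED_MAGIC):
        return False
    return shannon_entropy(data) >= ENTROPY_THRESHOLD

def triage(files: dict) -> dict:
    """Summarise a sample of {name: content} and decide whether to alert."""
    flagged = sorted(name for name, data in files.items() if looks_encrypted(data))
    ratio = len(flagged) / len(files) if files else 0.0
    return {"flagged": flagged, "ratio": ratio, "alert": ratio >= ALERT_RATIO}

def pseudo_random(blocks: int) -> bytes:
    """Deterministic stand-in for ciphertext: SHA-256 of a counter, 32 bytes per block."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(blocks))

def sample_files() -> dict:
    """Constructed sample: two intact files and two whose content was replaced."""
    return {
        "report.txt": b"Quarterly maintenance report for pump station 4.\n" * 80,
        "archive.gz": gzip.compress(pseudo_random(128), mtime=0),
        "ledger.csv": pseudo_random(128),
        "photo.jpg": pseudo_random(64),
    }

if __name__ == "__main__":
    print(triage(sample_files()))
```

The gzip archive is as high-entropy as the replaced files, which is why the header check is needed to keep ordinary compressed data from raising the alert.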
One prominent example of ransomware is known as WannaCrypt, which affected tens of thousands of machines, primarily in Europe – although its reach was worldwide. WannaCrypt works by exploiting a bug in the Windows Server Message Block (SMB) protocol. Microsoft promptly released a security patch to address the vulnerability, but the patch only begins protecting a vulnerable system once it has been installed. WannaCrypt would subvert a device, then ask for small amounts of money (~$60, usually). WannaCrypt would have spread much further if a “kill switch” had not been discovered.
Fortunately for a user with an infected device, the process for dealing with these types of software is similar. Very often, current anti-virus or anti-malware suites can detect and quarantine malicious code packages. However, if those fall short, you may need to look into reinstalling the operating system of the machine to start clean. Unfortunately, loading from a backup may not work. A majority of malware – including ransomware – will work to corrupt any backups stored on disks attached to the infected machine. It is also worth noting that most ransomware will still work even if the system in question employs secure boot, since the malicious code attacks secured code.
What You Need to Look Out For
Prevention for both types of attacks is also in alignment. The focus for a solid preventative strategy revolves around keeping installed software up-to-date and minimizing – or eliminating – known bugs. Enabling remote updates in your organization can help by closing security vulnerabilities before they can be exploited, assuming fixes can be deployed in a timely manner.
Ransomware should especially concern developers of embedded systems, as these attacks are not limited to workstations or even servers. Since Windows suffers from the most attacks of any operating system – simply because of the sheer number of Windows installations in the world – and many embedded systems run Windows, these systems are vulnerable. Embedded systems also often face extra challenges when it comes to preventative strategies, because software updates are limited in order to close off attack vectors used by traditional malware. Frequently, the attack vector in these situations is discovered after such restrictions are in place.
The future of ransomware lies in these malicious code packages infecting large numbers of machines in a single organization then holding those machines ransom as a whole package deal. These code packages have the ability to contact the leaders of the infected organization without the individual users ever knowing their machines are infected. However, the prevention strategy is still the same: keep software up to date to close security vulnerabilities.
Malware in all its forms can be exceedingly harmful to an organization, particularly if that organization is not equipped or staffed to handle mass infections. However, if an organization focuses on prevention, is armed with the knowledge of what it is up against, and has access to skilled and knowledgeable IT security agents, malware – and ransomware by extension – does not have to be a problem for your organization.