What is the type of malware that restricts access to that computer by encrypting files on the hard drive or by displaying messages demanding ransom?

Ransomware is a class of malware which restricts access to the computer system that it infects and demands a ransom paid to the creator of the malware in order for the restriction to be removed. Some forms of ransomware encrypt files on the system's hard drive, while others simply lock the system and display messages intended to coax the user into paying.

How do ransomware attacks work?

Ransomware typically propagates like a conventional computer worm, entering a system through, for example, a downloaded file (usually sent via a link in an email) or a vulnerability in a network or operating system service. Opening an infected email can trigger numerous types of problems on your computer, and the infection can continue to spread to the user’s network or operating system.

How long do ransomware attacks last?

A recent 2020 Vanson Bourne survey (sponsored by SentinelOne) shows that recovery from a ransomware infection takes ~33 employee hours. On top of that, 48 percent of organizations that participated in the survey were affected by at least one ransomware attack during the last 12 months. The core recovery activities typically include decrypting files and data encrypted by the attackers and replacing encrypted files and data with backups.

What are the examples of ransomware?

There are two styles of ransomware attacks that have emerged. The first may be the more likely to strike, but it is also potentially less debilitating. This version simply locks the victim's screen. The second style of ransomware is a more targeted attack, and actually encrypts files on the target computer.

  1. In the first type, criminals typically use an official-looking logo to intimidate the victim (such as a local law enforcement agency or a government department) and simply lock their victim's screen so they cannot access their computer until a payment is made. It is a broad-brush approach, distributed en masse with the hope that a portion of victims will pay the 'fine' or ransom demanded on the locked screen. This scenario does not typically encrypt any files on the victim's computer (although early examples may have) and is more often just a form of malware, for which most security vendors have tools to assist.
  2. The second type of ransomware is a more targeted and challenging concern. In this scenario, cyber criminals target a particular victim, typically a business or an organization. The targeted computers are actually hacked and files on the computer encrypted. Without payment, files are inaccessible.

How does ransomware work?

To understand how to protect against ransomware attacks, you must first understand how they work and propagate. Attacks like these usually start with a phishing email to users. Once a user clicks on a malicious link in the email or opens a malicious attachment, malware is downloaded to their machines. An example of this is WannaCry, where the malware spread laterally in the network using a Windows vulnerability that was patched two months before WannaCry was released in the wild. After that, the process is simple – the malware infects a computer, locking users out of the system (usually by encrypting the data on the hard drive), and then holds the decryption or other release key for ransom until the victim pays a fee, usually in bitcoin.

How can you protect against ransomware attacks?

IT professionals can take decisive action to minimize both the threat and the impact of ransomware. By following 5 preventative steps outlined in this POV you can protect your enterprise against ransomware by limiting the impact of a breach, exploring where an in-process attack can be stopped, and discussing what to do if a hacker succeeds in gaining access.

How to prepare for a ransomware attack?

Businesses continue to be hit with ransomware attacks that have a major impact on their company, systems and assets. The cost to victims is high, estimated at $20 billion in 2020. Corporations are scrambling to work out how to better prepare their organization to reduce the frequency and cost of these attacks. Learn what global cybersecurity experts are recommending companies do to be prepared for ransomware attacks. Read the Digital Journal article "Ransomware: The ROI of being prepared", which provides perspectives from Sally Eaves, senior policy advisor for Cyber Studies and Research, and Mat Newfield, Chief Security and Infrastructure Officer at Unisys.

How can you isolate WannaCry ransomware?

Although we can try our best to close every gap in our environment, control every endpoint, and identify every risk, hackers will get in. You need to focus on how you can best protect your data and minimize any impact when the hacker gets in. With Unisys Dynamic Isolation™, you can isolate a suspicious user or device within seconds of detection – stopping a threat before it expands and preventing data exfiltration.

In 2018, there were 812 million reported malware infections (PurpleSecus Cyber Security Report), and 94% of those malware infections were delivered via email (CSO). No devices were immune to these infections—not even mobile devices.

What is malware?

Malicious software, or "malware," is software written with the intent to damage, exploit, or disable devices, systems, and networks. It is used to compromise device functions, steal data, bypass access controls, and cause harm to computers and other devices and the networks they are connected to.

Malware on the Rise

According to a recent Internet Security Threat Report by Symantec, there were 246 million new malware variants discovered in 2018, and the percentage of groups using malware is on the rise, too. Symantec reported that groups using destructive malware increased by 25% in 2018.

With malware usage continuing to rise, it’s important to know what the common malware types are and what you can do to protect your network, users, and critical business data.

Understanding the Six Most Common Types of Malware

The six most common types of malware are viruses, worms, Trojan Horses, spyware, adware, and ransomware. Learn more about these common types of malware and how they spread:

1.   Virus

Viruses are designed to damage the target computer or device by corrupting data, reformatting your hard disk, or completely shutting down your system. They can also be used to steal information, harm computers and networks, create botnets, steal money, render advertisements, and more.

Computer viruses require human action to infect computers and mobile devices and are often spread through email attachments and internet downloads.

2.   Worm

One of the most common types of malware, worms spread over computer networks by exploiting operating system vulnerabilities. A worm is a standalone program that replicates itself to infect other computers, without requiring action from anyone.

Since they can spread fast, worms are often used to execute a payload—a piece of code created to damage a system. Payloads can delete files on a host system, encrypt data for a ransomware attack, steal information, and create botnets.

3.   Trojan Horse

A Trojan horse, or “Trojan”, enters your system disguised as a normal, harmless file or program designed to trick you into downloading and installing malware. As soon as you install a Trojan, you are giving cyber criminals access to your system. Through the Trojan horse, the cyber criminal can steal data, install more malware, modify files, monitor user activity, destroy data, steal financial information, conduct denial of service (DoS) attacks on targeted web addresses, and more. Trojan malware cannot replicate by itself; however, if combined with a worm, the damage Trojans can do to users and systems is endless.

4.   Spyware

Installed on your computer without your knowledge, spyware is designed to track your browsing habits and internet activity. Spying capabilities can include activity monitoring, collecting keystrokes, and harvesting of account information, logins, financial data, and more. Spyware can spread by exploiting software vulnerabilities, bundling with legitimate software, or in Trojans.

5.   Adware

Adware is often known for being an aggressive advertising software that puts unwanted advertising on your computer screen. Malicious adware can collect data on you, redirect you to advertising sites, and change your internet browser settings, your default browser and search settings, and your homepage. You typically pick up adware through a browser vulnerability. Legitimate adware does exist, but it will ask your permission first before collecting data about you.

6.   Ransomware

According to Cybersecurity Ventures, cybercrime is predicted to cost the world 6 trillion dollars annually by 2021. Because ransomware generates so much money for cybercriminals, it is the type of malware we hear the most about.

Ransomware is a type of malware that holds your data captive and demands payment to release the data back to you. It restricts user access to the computer by either encrypting files on the hard drive or locking down the system and displaying messages that are intended to force the user to pay the attacker to release the restrictions and regain access to the computer. Once the attacker is paid, your system and data will usually go back to its original state.

How To Protect Your Business from Malware

Propagation of malware and cybercrime will continue to rise, and it’s important to protect yourself and your business from cybercriminals by implementing multiple layers of security, also known as a “layered approach.” These layers may include a firewall, end-user training, anti-malware and anti-virus software, email and web filtering, patch and update management, network monitoring, and managed detection and response services, just to name a few.

A layered approach is important to ensure that all potential entry points are protected. As an example, a firewall may prevent a hacker from getting on the network, but it won’t stop an employee from clicking an infected link in an email.

A good business continuity and disaster recovery solution (BCDR) is a must, too. A BCDR device and plan will not only protect your critical data in the event of a ransomware attack, but also from server failure, fire, or other natural disasters.

Don’t Forget Your End-Users

Though the layered approach described above can significantly reduce the risk of an attack, a business’ biggest vulnerability lies with its end-users.

Remember, 94% of all malware is delivered via email, which means that the security of your business lies in the hands of your end-users. So, when building your cybersecurity layers, don’t forget to educate your end-users and train them to be aware of the threats they may encounter and what to do when an attempted attack inevitably lands in their inbox.

End-user education along with software and hardware solutions are key to creating a more secure business environment. Prosource’s Managed IT Services give customers peace of mind. The monthly service not only includes many of the layers needed to secure your business network, but also other productivity-boosting benefits, like Help Desk support and a virtual Chief Information Officer (vCIO) who can educate and guide you and your employees on best practices to help protect your business.

Editor's Note: This post was originally published as "5 Common Types of Malware" in June 2017 and has been updated for accuracy and comprehensiveness, including an additional common type of malware.
