It is no secret that malware is a serious threat to computer systems and networks, costing companies an average of $2.4 million. But what’s the difference between the various types of malware? We’ll take a look at the four most common: viruses, worms, trojans, and ransomware.
Viruses are almost always attached to an executable file, so even if the virus is present on a computer it will not run until the file is executed. When the host program is run the virus runs as well. The virus spreads through sharing of the host file, such as through email attachments, or other downloaded files. They can also be spread through macros in Microsoft Office files, so be especially cautious of any Office document received in an email that requests the user to enable macros.
Much like viruses, worms also self-replicate, however they do not require a host file for transport. These are standalone programs that can run in the background. Worms exploit vulnerabilities on computer systems to infect them, or can be installed by users unintentionally by opening a malicious email attachment. Worms will then exploit transport level weaknesses to spread to other vulnerable systems on a network, or to the Internet at large.
Trojans are a type of malware that is hidden in another, seemingly legitimate, application. In many cases, the compromised software will appear to run normally, and users may not realize which application loaded the trojan onto their system. These can cause destruction to a computer system, and potentially an entire network.
A specific type of trojan is the Remote Access Trojan (RAT). RATs open up a backdoor connection to the computer or network, usually after elevating itself to administrative privileges. This allows the attacker to actually connect into the network with administrative privileges. The attacker can then view, steal, or destroy information assets stored on computer systems in the network.
Ransomware is a type of malware that is much more complex than the previous types addressed. Ransomware will encrypt certain files on a hard drive or lock down an entire computer system. The malware will then present a ransom demand to pay the attacker to restore the system or files. These attackers usually provide a quick timeline to pay the ransom before the affected files are deleted or corrupted beyond repair. These types of attacks can spread through any of the previous methods, but are typically trojans unknowingly loaded onto a system. The City of Atlanta was recently crippled by a ransomware attack, which resulted in several key systems being completely locked down. This forced court cases to be pushed back, billing systems to be taken offline, and emergency responses to be slowed down.
There is no guarantee that access will be restored if the ransom is paid. If a ransomware attack occurs, it is important to contact a Cyber Security firm to assess options for removing the malware.
Prevention and Mitigation
Preventing the malware attack before it happens is paramount. Malware can cripple a business, between the cost of malware removal and lost profits related to the destruction or encryption of data. One of the most common ways that malware finds its way into computer systems is through employees unknowingly downloading compromised files. Regular employee security training is vital to make sure that employees follow company policies for computer use, and can prevent many malware-based attacks.
Having an antivirus system in place on the network and computer systems will also prevent a majority of malware attacks. New types of malware are created daily, so it is important to keep these antivirus programs up-to-date with the latest virus definitions, so they can detect and prevent new types of malware attacks.
A secured backup plan is critical to mitigating the impact of a malware attack. This allows the company to restore data lost by a malware attack, and to restore systems to a clean version before the malware struck. From here, companies can focus on identifying weaknesses that allowed the malware in while restoring most of their data, reducing downtime and profit losses.
Malware Identification and Removal
But what can be done it malware does make it onto a computer system or network? Malware removal can be tricky and costly, but it can be done. Depending on the type of malware, there are different methods of recovery, including reverting to a previous backup, registry cleanups, and system configuration restorations. If your computer system or network has fallen victim to a malware attack, contact us today for a free consultation and quote.