Malware is a general term that covers a wide variety of different types of malicious software (which is where the name “malware” comes from). Different types of malware are designed to achieve different purposes, including everything from breaching sensitive data to causing damage to computers.
Since malware covers a wide range of malicious functionality, there are many different types. Some common types of malware include:
All of these malware variants have different goals, but they use many of the same techniques to achieve them. For example, phishing emails are a common delivery mechanism for all types of malware, and different types of malware can all use the same techniques to hide themselves on a computer.
Putting it simply, all ransomware is malware, but not all malware is ransomware. The goal of ransomware, which is made possible by encryption technology, is to deny the victim access to their files and demand a ransom in exchange for restoring that access.
Once ransomware gains access to a computer, it works its way through the filesystem checking the types of files that it finds. If a file matches a built-in list of file extensions, the malware encrypts the data that it contains, replaces the original with the encrypted version, and wipes any record of the original from the system.
Many ransomware variants will also work to spread beyond their initial target. This enables the attacker to expand the number of infected systems, access higher-value systems, and increase their payoffs.
After the ransomware has completed the encryption process, it presents a ransom demand to the user. If the user pays the ransom demand, then the attacker provides them with a copy of the encryption key for their files. Using this key and attacker-provided decryption software, the ransomware victim should be able to decrypt most or all of their files, restoring access to them.
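The encryption step described above leaves a trace a defender can look for: one process rewrites many files in a short time, and each file's contents change from structured to random-looking. The following is an added example, not code from the original page; the event format, thresholds, process names and paths are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import defaultdict

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 0 for constant data, near 8 for random-looking data."""
    if not data:
        return 0.0
    counts = defaultdict(int)
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts.values())

def flag_mass_encryption(events, window=10.0, min_files=3, high=7.0, jump=2.0):
    """Return processes that rewrote >= min_files distinct files within `window`
    seconds, each rewrite turning lower-entropy content into high-entropy content.
    events: (timestamp, process, path, bytes_before, bytes_after) tuples."""
    suspicious = defaultdict(list)  # process -> [(timestamp, path), ...]
    for ts, proc, path, before, after in sorted(events, key=lambda e: e[0]):
        e_after = shannon_entropy(after)
        # A re-saved JPEG or ZIP is already high-entropy, so require a jump too.
        if e_after >= high and e_after - shannon_entropy(before) >= jump:
            suspicious[proc].append((ts, path))
    flagged = set()
    for proc, writes in suspicious.items():
        start = 0
        for end in range(len(writes)):
            while writes[end][0] - writes[start][0] > window:
                start += 1  # slide the window forward
            if len({path for _, path in writes[start:end + 1]}) >= min_files:
                flagged.add(proc)
                break
    return flagged

def _noise(seed: bytes, size: int = 4096) -> bytes:
    """Deterministic random-looking bytes standing in for ciphertext."""
    return b"".join(hashlib.sha256(seed + bytes([i])).digest() for i in range(size // 32))

# Constructed sample telemetry; process names and paths are invented.
TEXT = b"Quarterly report: revenue rose four percent over last year.\n" * 60
SAMPLE_EVENTS = [
    (0.0, "editor.exe", "C:/docs/notes.txt", TEXT, TEXT + b"one more line\n"),
    (1.0, "unknown.exe", "C:/docs/a.docx", TEXT, _noise(b"a")),
    (1.5, "unknown.exe", "C:/docs/b.xlsx", TEXT, _noise(b"b")),
    (2.0, "unknown.exe", "C:/docs/c.pdf", TEXT, _noise(b"c")),
    (3.0, "photo.exe", "C:/pics/x.jpg", _noise(b"x"), _noise(b"y")),
]

if __name__ == "__main__":
    print(flag_mass_encryption(SAMPLE_EVENTS))
```

Backup and compression tools produce the same entropy jump, so a detector built on this pattern needs an allowlist of known-good processes alongside the thresholds.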
As ransomware has evolved over the years, the lines between ransomware and other types of malware have blurred, creating hybrids such as:
From a core functionality standpoint, all of these different types are similar: they use encryption to achieve their goals. However, the addition of extra “features” or masquerading as ransomware can be profitable to the attacker.
The best way to manage a malware attack is via prevention. However, malware prevention can be complex because ransomware can be delivered via a number of different attack vectors, including:
Organizations require a comprehensive malware prevention solution to minimize the malware and ransomware threat. To learn more about protecting against malware, contact us. You’re also welcome to schedule a demo of one or more of our products to see how Check Point solutions help to close malware attack vectors.