Malware and Ransomware: What’s the Difference?


With 638 million ransomware attacks in 2016, which is more than 167 times the number of attacks in 2015, ransomware, a new subcategory of malware, has swiftly demonstrated its threat and capabilities. With various prominent organizations and personal users falling victim to cyber-attacks, the two terms, malware and ransomware, are often confused.

What is malware?

Malware is a shortened term for ‘Malicious Software’. It is designed to gain access to a computer by tricking its owner into installing a piece of software. It can track what a user is accessing on the computer and can cause damage that the user might be completely unaware of. Malware mostly appears in the form of keyloggers, viruses, worms or spyware.

Malware can be used to steal sensitive information or spread spam via email. Nowadays, however, this deceitful software is generally used to generate revenue through forced advertising.

Recently, a malware named Fireball, spread by the Chinese digital marketer Rafotech, converted over 250 million web browsers around the globe into ad-revenue generating engines. Almost 20% of corporate networks were affected by this malware. It was later revealed that Fireball spread mainly through bundling: it installed itself alongside desired programs such as Deal Wifi, Mustang Browser, Soso Desktop and FVP Imageviewer, without the user's consent.

Just a week before that, 36.5 million Android devices were affected by a malware named Judy. With the same aim of producing fake clicks on advertisements to generate revenue by deceitful means, this malware was found in 41 apps, all of which were developed by the Korean company Kiniwini. Most of the harmful apps were available on the official Google Play Store, raising serious questions about Android’s security.

Also, lately, a malware named ‘Crash Override’ was detected in the wild, which caused a power outage in the Ukrainian capital, Kiev. It is the first malware ever to attack an electric grid, giving us a hint of the disastrous consequences that might follow.

What is ransomware?

Ransomware is a type of malware that locks your computer and prevents you from accessing it until you pay a demanded ransom. The ransom is generally demanded in the form of Bitcoins. Nowadays, instead of locking a user’s keyboard or computer, ransomware encrypts individual files using a private key which only the ransomware authors know. However, there is no guarantee that paying the ransom will unlock your computer.

In May 2017, a large-scale cyber-attack by the WannaCry ransomware infected over 300,000 computers in 150 countries. Only computers running the Windows operating system were affected.

Another ransomware, Petya, was seen disrupting the functioning of a number of businesses spanning Europe, the Middle East, and the United States this week. However, the major difference between Petya and WannaCry is that Petya can spread only across a local network. If you are not part of the same network, you are highly unlikely to be affected by it. On the other hand, WannaCry could have spread exponentially and indefinitely across the entire internet if the “Kill Switch” did not exist at all.

Recently, it was discovered that Petya isn’t ransomware but a deadly “Wiper Malware”. Researchers found that Petya was just designed to look like ransomware. Its framework had no scheme of information retrieval at all. After rebooting the victim’s computer, Petya encrypted the hard disk’s Master File Table (MFT) and made the Master Boot Record (MBR) dysfunctional. The encrypted code was replaced with their own malicious code, prohibiting the user from rebooting, which was then followed by a screen that showed a ransom note. However, the new variant of Petya does not maintain a copy of the replaced MBR at all. So, even if the victim gets the decryption key, he cannot boot his computer.

How do malware and ransomware spread?

The spread of malware is mostly through emails with links which claim to have some information that naive computer users may find interesting. Once a user clicks on that link, they are redirected to a fake website which looks just like a real one. Then to access the required information or program, users are requested to download some software. If a user downloads that software, their computer gets infected.

Websites and pop-ups which claim to offer free content such as free music or movies are among the major sources of cyber attacks. These security breaches allow scammers to track your behavior on the computer and steal personal credentials. This information can be used for a number of fraudulent activities, and the consequences can be pernicious.

How to protect yourself from malware attacks using a VPN

While backing up your data periodically is the most effective and important step to protect your device against malware and ransomware, using a VPN can also boost the security of your system.

A VPN allows you to access the web anonymously. This makes the task of tracking your computer difficult for attackers.

Many top-notch VPNs give a security warning to users when they try to access suspicious URLs. Also, all the data that is shared online using a VPN is encrypted. So, it remains out of the reach of malware authors.