Virus, Ransomware and Malware: The Differences Explained
By: NAKIVO Team
When it comes to cybersecurity, some terms are often used interchangeably, which can be confusing. Viruses, malware and ransomware are sometimes used indiscriminately to refer to the same concepts, even though these terms are quite distinct. Understanding the exact classification of malicious software can help you put in place the right prevention measures and avoid data loss. You can minimize the risk of having your devices infected by learning more about the differences and how malware is used to target victims.
This blog post describes the differences between virus, malware and ransomware to address the most common misconceptions and explain how you can protect your data from potential external threats.
What Is the Difference Between Virus, Malware and Ransomware?
Malware is a portmanteau of “malicious software”. It is a general concept that includes any external malicious code that can damage a device or corrupt data. When talking about cybersecurity in general, malware is usually the broadest term that can be used in most contexts. Ransomware and viruses are two types of malware. Other types of malware include:
- Spyware: This type of program lets hackers track the activity on a device. Spyware gathers personal data, such as credit card information, passwords and usernames, which the hackers can later use to break into other machines.
- Bots: Bots are malware that connect hacked machines to a central server. This network of machines is known as a botnet. Botnets can remain undetected, even when they include millions of devices. Using the resources of the hacked machines, botnets can send phishing messages and spam, steal personal information and perform distributed denial-of-service (DDoS) attacks.
- Rootkits: A rootkit allows hackers to control a device without the user being aware of it. Once installed, a rootkit can change the system configuration and download other malicious files.
- Worms: Worms are programs that automatically spread between computers on the same network without needing a host file. Worms can delete or modify information, steal data or install additional malware. Worms aren’t that common today, but other malicious software still uses the same propagation method.
- Trojan Horses: Unlike worms, Trojans need a host to function. They are undercover malware, generally disguised as a legitimate file. Trojans mainly spread through phishing, but that is not the only way: they are sometimes bundled into a fake antivirus program that pops up on a website offering protection for the device. Once installed on a computer, Trojans allow spying and data modification.
- Adware: Adware is malware in the form of the familiar pop-up ads. Usually, it comes bundled with free games or other unlicensed programs. Sometimes the only threat it poses is slowing down the machine. However, in some cases, it can also lead to spyware installation.
Of these, viruses and ransomware are the most widespread types of malware.
Differences Between Malware and a Virus
A virus is a malicious program that spreads through infected websites and files. When a device is exposed to a virus, the virus is installed and starts running without the user’s knowledge. Viruses can corrupt data, damage a device, degrade its performance or even format the hard drive. Some viruses can replicate and spread across a local network. Even a simple virus can significantly slow down the system by consuming the computer’s memory and cause frequent crashes.
How do viruses spread?
Even careful system administrators and users who take precautions against potential malware threats have probably been exposed to a virus at some point. Viruses spread in various ways. A virus can get into a network through everyday activities like:
- Exchanging data between devices
- Visiting infected websites (a device can get infected even without downloading files)
- Downloading torrent files or other free software
- Using external storage devices (like USB drives) that were previously connected to an infected computer
- Opening infected email attachments
Viruses: myths and facts
Myth: You’ll definitely know when your computer gets infected.
Fact: Malware often spreads undetected. That’s why you won’t always be able to tell whether a device is infected.
Myth: Credible websites don’t contain viruses and other malware.
Fact: Hackers can run malicious ads on reputable websites. Even just viewing the ad without clicking on it can install malware. Sometimes even the most well-known websites can be infected with malware.
Myth: Apple devices are safe from viruses.
Fact: This is a deeply rooted misconception. All devices can get infected, whether running macOS or another OS. Hackers refine their programs to affect any system and environment.
Myth: Emails from credible sources can’t be infected. It’s always safe to open email attachments from trusted sources.
Fact: Even when an email comes from a trusted source (a colleague, a friend, etc.), there is no guarantee that it is safe. Some viruses harvest the contact list on an infected machine and send infected emails to everyone in it. So, if an email attachment seems suspicious, it’s better not to open it.
Myth: When there isn’t any critical data on a computer, malicious software is not a threat.
Fact: Even if a device doesn’t store any critical data, malware still poses a threat to security. Malware rarely looks for data. Instead, it accesses the contact list to send spam emails or uses the memory and processing power of the machine and, as a result, of the whole network.
Myth: Firewalls offer complete virus protection.
Fact: Firewalls provide various types of protection, mainly filtering traffic and restricting unauthorized access to data. However, malware can still access a device and spread through the network.
What Is a Ransomware Virus?
Even though ransomware is often referred to as a “ransomware virus”, there is no such thing. Viruses and ransomware are two different types of malware. Ransomware is a type of malware that blocks access to a machine or to data. Basic ransomware blocks access to programs and files on a computer, while more advanced versions of ransomware encrypt the data completely.
Ransomware relies on encryption, a technology originally created to protect computers and data. Encryption is considered one of the most effective security measures. Encryption transforms data into ciphertext that can only be restored by using the corresponding decryption key.
The attacker’s proposed way to decrypt the files and regain access after a ransomware attack is to pay the ransom in exchange for the decryption key. Usually, this has to be done by a deadline set by the hacker. If the victim doesn’t pay the ransom, the hackers can delete all the data. Today a ransom payment is often demanded in bitcoin. Ransomware attacks usually pay off because organizations don’t want the news of being hacked to spread. Companies are often afraid of lost trust and reputational damage. So, paying the ransom seems like a way to resolve the situation swiftly.
However, paying the ransom doesn’t guarantee regaining access to your systems, as hackers don’t always keep their end of the deal. Instead of financing hackers and wondering if you can regain access to your data, a much better solution is to back up your workloads. The best approach to ransomware protection is having a 3-2-1 backup plan. Such a plan means that you should have a minimum of three (3) backup copies, store two (2) of them on different media, and keep one (1) offsite. With this backup plan, your recovery process will be fast and simple, even after a ransomware attack.
How does ransomware spread?
Ransomware spreads in several distinct ways. Some of the most common are:
- Phishing emails: This is a spam email that includes a malicious attachment or link. Once the attachment or link is opened, ransomware is downloaded onto the machine. Sometimes the sender of the email can be someone in your contacts.
- Links in messages on social media: Similarly to an email, messages on social media can contain a malicious link that can activate ransomware on a device.
- Malicious websites: Ransomware can be deployed after visiting a compromised website. This is common on streaming video platforms and other free-content websites.
- Additional malware: This method targets devices that already belong to a botnet (a network of hacked computers controlled from a central server). In this case, an already infected device is infected further with additional malicious software.
Ransomware: myths and facts
Myth: Ransomware attacks businesses and not individuals.
Fact: Ransomware doesn’t differentiate. Individuals and businesses can become victims of ransomware attacks.
Myth: You always get data back after paying the ransom.
Fact: In most cases, those who pay the ransom do not regain access to their data. Paying a ransom seems like an easy and fast solution to make the problem go away. However, paying a ransom means financing cybercrime and incentivizing hackers to carry out more attacks, without any guarantee of getting the decryption keys.
Myth: Ransomware can’t encrypt backups.
Fact: Although regular backups are the best solution to protect your data, ransomware can also reach some backup copies. That’s why it is essential to follow the 3-2-1 backup rule and avoid sharing the backup repository with other users. It is also useful to use immutable backup repositories.
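As an added example (not code from the original post or from NAKIVO), the following Python script checks a backup inventory against the 3-2-1 plan described above plus the two ransomware-specific points from this section: at least one immutable copy, and no repository shared with production accounts. The `BackupCopy` record, the `PRODUCTION_SITE` name and the sample inventories are assumptions constructed for the example.

```python
from dataclasses import dataclass

PRODUCTION_SITE = "hq-datacenter"  # assumed name of the site running the live workloads

@dataclass(frozen=True)
class BackupCopy:
    name: str
    media: str           # storage medium, e.g. "disk", "tape", "object-storage"
    site: str            # site where the copy physically lives
    immutable: bool      # repository enforces write-once retention
    shared_access: bool  # repository reachable with the same accounts as production hosts

def assess_backup_plan(copies):
    """Check backup copies against the 3-2-1 rule plus the two ransomware-specific
    points from the post: keep an immutable copy and do not share the repository.
    Returns (compliant, findings)."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} backup copies; the rule calls for at least three")
    media = {c.media for c in copies}
    if len(media) < 2:
        findings.append(f"all copies on one medium ({', '.join(sorted(media)) or 'none'}); use two")
    if not any(c.site != PRODUCTION_SITE for c in copies):
        findings.append("no offsite copy; a site-wide incident takes every copy with it")
    if not any(c.immutable for c in copies):
        findings.append("no immutable copy; ransomware reaching the repository can encrypt it")
    shared = [c.name for c in copies if c.shared_access]
    if shared:
        findings.append("repository shared with production accounts: " + ", ".join(shared))
    return (not findings, findings)

# Constructed sample inventories (not real environments).
WEAK_PLAN = [
    BackupCopy("nightly-nas", "disk", PRODUCTION_SITE, immutable=False, shared_access=True),
    BackupCopy("weekly-nas", "disk", PRODUCTION_SITE, immutable=False, shared_access=True),
]
GOOD_PLAN = [
    BackupCopy("nightly-repo", "disk", PRODUCTION_SITE, immutable=False, shared_access=False),
    BackupCopy("weekly-tape", "tape", PRODUCTION_SITE, immutable=True, shared_access=False),
    BackupCopy("cloud-copy", "object-storage", "cloud-region-a", immutable=True, shared_access=False),
]

if __name__ == "__main__":
    for label, plan in (("weak", WEAK_PLAN), ("good", GOOD_PLAN)):
        ok, findings = assess_backup_plan(plan)
        print(f"{label}: {'compliant' if ok else 'NOT compliant'}")
        for finding in findings:
            print("  -", finding)
```

The weak plan (two copies on one NAS at the production site, reachable with production accounts) fails every check, which is exactly the setup that ransomware encrypts along with the workloads.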
Ransomware vs. malware vs. virus
| Ransomware | Malware | Virus |
|---|---|---|
| Ransomware is a type of malware. | Malware is a general term for any malicious software. | A virus is a type of malware. |
| Ransomware is designed to block access to data until the user pays a ransom. | Malware is designed to cause a wide range of damage to a computer, depending on the type of malware. | A virus is malicious code attached to a separate file. A virus can format a hard drive, or it can be harmless. |
| Ransomware locks the system and encrypts all data. | Malware can control and steal data, use the resources of a computer, destroy the system, etc. | Viruses can damage a device, corrupt data, degrade its performance, etc. |
| There are different types of ransomware, such as locker, doxware, crypto, etc. | There are many kinds of malware: worms, spyware, rootkits, trojans, ransomware, etc. | Viruses come in different forms: file infector, macro virus, polymorphic virus, etc. |
| Ransomware is mainly spread as a malicious attachment to phishing emails. | Malware generally spreads through emails, software installation, web surfing, etc. | Viruses spread while downloading or exchanging files, visiting malicious websites, etc. |
| Ransomware is one of the trickiest kinds of malware. The best “cure” for ransomware is prevention and backup. | Following cybersecurity rules and backing up data is the best way to prevent malware infection and protect data. | One of the most common and effective ways to protect a device from viruses is antivirus software. |
How to avoid ransomware, viruses and other threats?
After learning the differences between the types of malware, the first question that comes to mind is: Can a malware attack be prevented? There are multiple ways a user can secure a device from getting infected. The best solution is to follow basic cybersecurity rules:
- Get antivirus, antispyware and firewall protection, and always keep it up-to-date.
- Update your operating system and applications regularly.
- Improve your browser security settings and block pop-ups.
- Avoid opening messages and emails from unknown senders.
- Don’t open suspicious attachments, links and websites.
- Evaluate free programs, files and software before downloading.
- Set strong passwords and change your login details regularly.
Sticking to these rules minimizes the risk of having a device infected by malicious software. However, nothing can guarantee 100% security. That’s why it is crucial to back up your data in multiple locations, preferably sticking to a 3-2-1 backup plan. This way, even in case of a ransomware attack, you will be able to restore your data with a few clicks.
How to detect malware?
Another frequent question is how to determine whether a computer or a network has been infected. A computer might be infected if you experience some of the following issues:
- Slow computer performance
- Frequent crashes
- Unstable computer behavior (the computer sends messages or spam emails without the user’s involvement, opens or closes programs on its own, etc.)
- Unexplained data loss
- Pop-ups and other messages displayed on your screen
- Blue screen of death (BSOD)
How to remove malware?
Detecting and removing malware can be a complicated task. Unless you are a professional, it is easy to miss some elements and get it wrong. Additionally, it is hard to say if malware modified the system to an extent where reversing the damage has become impossible. A typical procedure for removing malware is:
- Run an antivirus to scan for malware.
- Once malware is detected, delete infected files.
- If it can’t be done automatically, check with your security vendor’s technician for assistance.
- If the drive had to be formatted, recover the data from backup and reinstall the programs (if needed).
- Analyze how a computer got infected to prevent malware attacks in the future.
- Take time to inform all users of cybersecurity rules.
If some of your files are encrypted as a result of a ransomware attack, try the following procedure:
- Avoid paying the ransom.
- If an infected computer is connected to a network, unplug it or switch off the access point (in case of Wi-Fi connection).
- Take a picture of the lock screen displayed on the monitor. It may help identify the type of ransomware.
- Boot from read-only media that includes an antivirus, scan all disks of the computer and delete the malware.
- If anything goes wrong, contact a specialized technician.
The Most Damaging Malware
Cyberattacks don’t result only in data corruption and computer damage but also in significant financial losses. One of the most expensive cyber attacks was caused by the malware MyDoom, which resulted in an estimated $38 billion of damage. Technically, MyDoom, also known as Novarg, is a worm that spreads through phishing emails.
The severity of the attack was the result of the sheer volume of email sent. At one point in 2004, MyDoom was responsible for sending out a quarter of all emails. After infecting a computer, MyDoom harvested all of the email addresses it found and sent copies of itself to them. The infected computers then formed a botnet to perform DDoS attacks.
MyDoom is still circulating. Even 16 years after its creation, MyDoom still sends more than a billion emails with a copy of itself. The creator of this worm was never found, even though a reward of $250,000 was offered for finding the attacker(s).
ILOVEYOU, one of the first cyberattacks conducted through email, was a turning point, or better said, a point of no return. This worm managed to infect 50 million computers in 10 days, causing a total of $15 billion of damage. First, it sent an email that looked like a love letter. After installation, it sent 50 more malicious emails to the victim’s contacts.
The worm was developed by Onel de Guzman, a college student from the Philippines. As he didn’t have sufficient funds, he programmed the worm to log into paid online services without paying the admission fee. He couldn’t imagine how big it would get. At the time, the Philippines didn’t have any laws against cybercrime, so Onel de Guzman was never prosecuted. Now 44, the hacker lives in Manila and regrets the creation of ILOVEYOU.
WannaCry first appeared in 2017. This ransomware infected more than 200,000 computers in around 150 countries, causing more than $4 billion in damage. WannaCry caused massive losses not only for businesses and individuals but also for governmental institutions and hospitals. The hackers demanded a ransom of $300 in bitcoin. Later the ransom was increased to $600.
It turned out that the malware exploited a vulnerability in Microsoft’s implementation of the Server Message Block (SMB) protocol. Two months before the ransomware attack, Microsoft had released a security patch to protect users’ systems. However, those who didn’t keep their operating systems up-to-date were exposed to the WannaCry attack.
Cybersecurity is one of the most critical challenges today. Viruses and ransomware, together with other types of malware, pose a severe threat to data integrity and security. The best solution for avoiding attacks is following the general rules of cybersecurity. To avoid a long process of recovery and rebuilding a system from scratch, back up your data. It is crucial to have a comprehensive approach to data backup and recovery. Find the best solution that would meet your needs with NAKIVO Backup & Replication.