The Difference Between Ransomware and Malware - Be Informed And Earn

Wednesday, May 17, 2017

The Difference Between Ransomware and Malware

The number of systems being attacked and infected by malware is on the increase. Last weekend and some early parts of last week were truly a very unpleasant one for several UK entities like NHS, FedEx, etc. The attack on these establishments was evidenced by the whole world and the attack in question uses the WannaCrypt ransomware is based on WannaCry. It is a malicious program that encrypts your files and demands for a specified amount of money which is to be paid in Bitcoins before they will be decrypted. This worldwide attack now raised up a good question: Is there a difference between ransomware and malware?


So I am going to explain the difference between the both and hopefully clear the air of some confusion that often arises. Simply put, ransomware is a subset of malware, it's (Malware) attacks usually come in the form of a computer worm (Virus).  A virus piggybacks on something like a attachments/documents like spreadsheet or e-mail, but a worm is a more active attack. It starts on a networked computer system and attempts to spread its nodes to one or more computers on the same network as soon as possible. 
The Difference Between Ransomware and Malware
The slow or fast spread of worms used to be difficult or nearly impossible when there were a little number of networked computers. These days, the internet effectively links billions of devices and keeps them on constant synchronization and communication with each other. A computer virus is no longer now, what they used to be before, these modern days nefarious authors of malicious programs typically combine one or more viruses and worms. This allows the malware to remain hidden/nearly undetectable while it rapidly spreads itself and still maintains its stealth mode as it spread itself among files on a host computer, as well as spreading to other computers that are connected to the host computer. 


Another point to note is that Malware tends to be specific to a particular mobile or desktop platform like Windows OS, or even an application. The authors make sure that their product (the malware) targets specific security holes or improperly configured systems just as what we saw on Cerber3, Popcorn Time or this very recent Wanacry.



Ransomware differs primarily in its approach after a successful attack. Non-ransomware malware may simply be annoying or slightly malicious, deleting files or changing the system configuration (e.g, a screen background). More malicious malware may reformat a disk or corrupt files on the system. It may also remain hidden and communicate with a control system so it can be part of a distributed denial of service (DDOS) attack. In addition, malware may try to capture information from passwords and keystrokes to documents, and then forward this information to a control system.





Now, talking about Ransomware, it comes into play when the malware which has already completed its mission notifies the system’s user that he/she has been attacked, all your files and disk drives encrypted. The notification normally demands some sort of payment to restore the computer to its previous state. In theory, the attacker who manages the ransomware will remotely readjust the computer from where ever he is or she is hiding out once payment has been made. Of course, just like in a traditional kidnapping and ransom situation, they may keep their end and leave the computer in the malware attacked state.



Just like in a traditional kidnapping and ransom situation, following the money trail just as the way rats follows bread crumbs is how a conventional ransom attacks can be traced back to the perpetrator. But in our 21st century, doing so now is a bit more difficult these days, as most ransomware attackers now ask for payment using cryptocurrencies like Bitcoin and delivery often takes place through a stealth communication system that keeps users anonymous.



The WannaCrypt attack encrypted files on a Windows computer and then demands a ransom payment of $300 in Bitcoins. If this is not done within three days of the initial attack, the amount is increased to $600. This ransomware deletes files on the infected machine if this continues past a week.




Talking about last week's WannaCrypt, there has been several malware attacks that happened abinitio, but this one really pulled trousers down the waists of infected companies and users. It subverts Windows machines using a bug in the Server Message Block (SMB) protocol. Microsoft however, issued the MS-17-010 security patch on March 14th so as to fix and address the security leak, and systems need to install this update manually in order to be protected. Some did, some didn't while some who were running pretty outdated versions of Windows like Windows XP really didn't care until the attack has fully set in. 

For security and information purposes, I'll be sharing the official Microsoft download links of the security patches that were originally shared by Microsoft. All you have to do is to download them according to your system's Windows version and architecture.




4.    Windows 7 x64

5.    Windows 7 x86

6.    Windows 8

7.    Windows 8.1

8.    Windows 10



11.    Windows 2008

12.    Windows 2008R2

13.    Windows 2012

14.    Windows 2012R2

15.    Windows 2016

Installing these security patches will automatically limit your chances of your PC and network getting infected. But you on your path have major roles to play and security measures to keep. Never open any email attachment or install unknown browser addon. Make sure you use a premium version Antivirus, and always apply your updates when prompted


Final Words:
Prevention they say is better than cure, but if you do get attacked and your PC or network gets infected, don't panic. One way to recover from this type of ransomware attack is to resort to backups, (if they exist). So now you the importance of backups, but unfortunately, some users will not have the strength to be doing backups every now and them. You can set your machine to automatically run a backup on it's on at a particular time, each day or each week. And after making the backup, do well to store in more than one places that are entirely isolated from the host computer. I do not need to remind you that backups stored on a disk attached to a compromised computer would be under attack, as well.


No comments:

Post a Comment

***We ❤ to hear from you, Tell us Your views and opinion. Please note that comments are always moderated, Abusive comments won't be approved, and spammy comments are deleted automatically.