
Malware: Its History and How to Handle It

Writer: Michael Trotter-Lawson

Let's talk about malware: software designed to disrupt a computer, server, client, or network, leak private information, gain unauthorized access to information or systems, deny access to information, or otherwise undermine the user's security and privacy without their knowledge. Malware is the primary tool of threat actors today, and it comes in a wide range of varieties, including viruses, worms, Trojan horses, ransomware, spyware, adware, rogue security software, and more. Cybercrime, which includes malware attacks as well as other crimes committed by computer, was predicted to cost the world economy $6 trillion in 2021, a figure growing at roughly 15% per year. Defenses differ by type of malware, but most infections can be thwarted by running antivirus software and firewalls, applying patches promptly so that known vulnerabilities cannot be exploited, hardening networks against intrusion, keeping regular backups, and isolating infected systems quickly. Bear in mind, though, that modern malware is increasingly designed to evade antivirus detection, so no single control is sufficient on its own.


Malware predates the public internet: American computer scientist Fred Cohen was already writing his doctoral dissertation on computer viruses in the 1980s. The idea of building cryptography into a virus's payload and using it offensively, the origin of both ransomware and modern evasion techniques, dates to the mid-1990s. Early malware spread on infected floppy disks, but once email became widespread it quickly became the delivery mechanism of choice; Verizon's 2018 Data Breach Investigations Report found that email accounted for 96% of malware delivery worldwide. Many early infectious programs, including the very first internet worm, were written as experiments or pranks; today's malware is written with far more malicious intent.


Profit is the primary motive behind cyberattacks today, although more and more governments run state-sponsored operations to spy on and undermine rival nations. Still, the 2022 DBIR states that 90 to 96 percent of such crime is financially motivated. With broadband access nearly universal, undermining an individual, a company, or even a country has never been easier, since nearly everyone depends on computers that are almost always online. That dependence makes disrupting these systems enormously valuable to an attacker: those affected will pay exorbitant sums to get up and running again. As malware becomes more complex and capable, the criminals behind it are getting harder to catch, and many see cybercrime as a swift, easy path to massive profit.


One favored tool of these threat actors is ransomware, a subtype of malware that encrypts a victim's data and then extorts that individual or organization into paying a ransom to get it back, usually under threat of deleting the data if the victim does not comply. Despite gaining heavy media coverage only recently, this form of malware dates from the earliest days of malicious software: it was invented in the late 1980s and more or less perfected by 1996. It was originally called cryptoviral extortion and was inspired by the facehugger in the film Alien. Ransomware has exploded in popularity in recent years, with around 623 million ransomware attacks recorded in 2021. The US Marshals Service was recently compromised by a ransomware attack, just one of many high-profile incidents of late.


Though all forms of malware are dangerous, ransomware is especially so, and given the rapid increase in attacks over the last few years, their number is likely to accelerate further. With that in mind, let's examine exactly how ransomware works. Typically the victim installs it themselves through some form of phishing: the attacker tricks the user into opening a malicious attachment or clicking a download link in an email. Ransomware can also be installed directly by the attacker after exploiting some other vulnerability in the user's computer or network. Once the program is running, the victim will often see a page falsely claiming that the device has been locked by a law enforcement agency because of illegal content or activity on it. This approach is most common against individuals, from whom the attacker hopes to extract a smaller ransom: an amount that could plausibly be a fine for illegal activity and that the victim would rather pay than risk further trouble.


Despite the common conception that ransomware always encrypts the victim's data, simpler programs just lock or restrict the system until payment is made, typically by registering themselves as the Windows shell in place of Explorer, or even by modifying the master boot record and/or partition table so the operating system cannot boot until it is repaired. Whether the data is encrypted or not, the attacker will usually restore access after payment: these criminals want it known that paying works, because a victim who believes the situation is hopeless will never pay. That said, payment is no guarantee; decryption tools supplied by attackers can be slow or buggy, and a backup you control is the only reliable way back. Assuming the victim does pay, usually in cryptocurrency or through some other hard-to-trace channel, the attacker hands over a decryption key. That key is specific to this one victim and is useless to anyone else, which is why one victim paying does not help the next.


I could delve into the varieties and details of malware for hours and not come close to covering everything there is to know. The most important thing to take from this article, however, is how to keep malware from affecting your systems. No strategy is ever foolproof, but a few steps make your systems significantly harder to compromise. For starters, simply keeping all your devices up to date goes a long way; that is the bare minimum. For more comprehensive protection, invest in security software such as antivirus and firewalls; for individual home users, the decent free options are much better than nothing. Businesses should consider more mature solutions such as EDR (endpoint detection and response), MDR (managed detection and response), and/or XDR (extended detection and response); these platforms watch for malicious behaviour rather than relying solely on virus signatures and other legacy controls. Businesses should also train employees to recognize suspicious links and other phishing tactics, and everyone should use a different, strong password for every account, business and personal alike. Finally, in preparation for the worst case, keep regular backups of important data, stored offline or otherwise out of reach of the systems they protect, and test that they restore; a backup the ransomware can also encrypt is no backup at all. With that in place, an attack you cannot avoid will not cripple you.
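As an added illustration of the behavioural approach that EDR-style tooling takes (this is example code written for this article, not any vendor's product): the script below replays a constructed stream of file-system events and raises an alert when a single process either touches a honeyfile that nobody should ever edit, or produces a burst of high-entropy writes and extension-appending renames within a short window. The paths, process names, thresholds and events are all invented for the demo; a backup agent is allow-listed to show the obvious false positive, since compressed archives are just as high-entropy as ciphertext.

```python
"""Behavioural ransomware detection over a constructed stream of file events.

Example code for this article: the kind of heuristic an EDR applies instead of
a signature. Flag a process that (a) touches a honeyfile, or (b) produces a
burst of high-entropy writes / extension-appending renames in a short window.
All paths, process names, thresholds and events below are made up.
"""
import math
import random
from collections import Counter, deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Optional, Set, Tuple

# Hypothetical honeyfile: real users never edit it, so any write is a signal.
CANARY_PATHS: Set[str] = {"/srv/share/finance/_donottouch.xlsx"}
# Hypothetical allow-list of processes expected to write high-entropy data.
ALLOWLISTED_PROCS: Set[str] = {"/usr/bin/backup-agent"}
HIGH_ENTROPY_BITS = 7.5   # text and office documents sit around 4-6 bits/byte
WINDOW_SECONDS = 10.0
BURST_THRESHOLD = 20      # suspicious operations per process per window


@dataclass
class FileEvent:
    ts: float
    pid: int
    proc: str
    op: str                         # "write" or "rename"
    path: str
    data: bytes = b""               # write: the bytes written
    new_path: Optional[str] = None  # rename: destination


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 8.0 for uniform random bytes, roughly 4-5 for English text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def is_suspicious(ev: FileEvent) -> bool:
    """A high-entropy write, or a rename that keeps the name and appends an extension."""
    if ev.op == "write":
        return shannon_entropy(ev.data) >= HIGH_ENTROPY_BITS
    if ev.op == "rename" and ev.new_path:
        # "report.xlsx" -> "report.xlsx.locked"
        return ev.new_path.startswith(ev.path + ".")
    return False


def detect(events: List[FileEvent]) -> List[Tuple[int, str, str]]:
    """Return (pid, alert_type, detail) tuples; at most one burst alert per pid."""
    alerts: List[Tuple[int, str, str]] = []
    windows: Dict[int, Deque[float]] = {}
    burst_reported: Set[int] = set()
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.path in CANARY_PATHS or ev.new_path in CANARY_PATHS:
            alerts.append((ev.pid, "canary-touched", ev.path))
        if ev.proc in ALLOWLISTED_PROCS or not is_suspicious(ev):
            continue
        win = windows.setdefault(ev.pid, deque())
        win.append(ev.ts)
        while win and ev.ts - win[0] > WINDOW_SECONDS:   # slide the window
            win.popleft()
        if len(win) >= BURST_THRESHOLD and ev.pid not in burst_reported:
            burst_reported.add(ev.pid)
            alerts.append((ev.pid, "mass-encryption",
                           f"{len(win)} ops in {WINDOW_SECONDS:.0f}s"))
    return alerts


def _pseudo_random_bytes(n: int, seed: int) -> bytes:
    """Deterministic stand-in for ciphertext, so the demo does not depend on os.urandom."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))


def sample_events() -> List[FileEvent]:
    """Constructed sample: a text editor, an allow-listed backup agent, and an encryptor."""
    text = b"Q3 revenue up 3% year over year; see attached spreadsheet.\n" * 60
    evs = [FileEvent(0.5, 101, "/usr/bin/vim", "write", "/home/alice/notes.txt", text)]
    # Backup agent writing compressed archives: high entropy, but expected.
    for i in range(25):
        evs.append(FileEvent(1 + i * 0.1, 202, "/usr/bin/backup-agent", "write",
                             f"/backup/chunk{i}.zst", _pseudo_random_bytes(4096, i)))
    # Encryptor: overwrite each document with ciphertext, then append ".locked".
    for i in range(30):
        t, p = 5 + i * 0.2, f"/srv/share/finance/doc{i}.docx"
        evs.append(FileEvent(t, 303, "/tmp/svchost.exe", "write", p,
                             _pseudo_random_bytes(4096, 1000 + i)))
        evs.append(FileEvent(t + 0.05, 303, "/tmp/svchost.exe", "rename", p,
                             new_path=p + ".locked"))
    evs.append(FileEvent(12.0, 303, "/tmp/svchost.exe", "write",
                         "/srv/share/finance/_donottouch.xlsx", _pseudo_random_bytes(4096, 9)))
    return evs


if __name__ == "__main__":
    for alert in detect(sample_events()):
        print(alert)
```

Running it prints one mass-encryption alert for the encryptor once its twentieth suspicious operation lands inside the window, and one canary alert when it touches the honeyfile; the editor and the backup agent produce nothing. The thresholds are only starting points, and in production the allow-list should key on a signed binary's path and hash rather than a name a malicious process can copy.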


Malware is a persistent threat with serious consequences for individuals, organizations, and even nations. Ransomware in particular has proven to be a serious threat, with new attacks occurring roughly twenty times a second. By taking a proactive approach to cybersecurity and implementing best practices to prevent, detect, and respond to malware attacks, however, we can minimize the risk of compromise and protect our valuable data and systems. Stay vigilant, keep your devices and security software up to date, and educate yourself and your employees about the latest threats and attack vectors. With these measures in place, we can build a safer and more secure digital future. And if you need help recovering from a cyberattack, as always, feel free to give us a call at 423.578.8000.
