Malware and Ransomware – N10-008 CompTIA Network+ : 4.2

Malware infections can create unexpected downtime and data breaches. In this video, you’ll learn about malware and ransomware.

Malware is software that’s been installed onto your system that’s designed to be malicious. For example, you might have malware installed that gathers information from the keystrokes that you press into the keyboard. Or it may turn your computer into one of many different devices on a botnet, and it would be controlled by a third party. Or the attackers may have installed software that constantly shows you advertising, and puts money into the pocket of the attacker. Or you may find that some viruses and worms will encrypt data on your network, and prevent you from gaining access to your personal files.

There are many different types of malicious software. We commonly use "virus" as a generic term for software that gets installed onto our system, but a virus is generally software that you as the end user would run or install yourself, rather than software that finds a vulnerability and installs itself onto your computer.

We'll also talk about ransomware later in this video, because ransomware is a significant category of malware and one that you want to prevent from being installed onto your system. A worm is malware that's very similar to a virus, but a worm can move from system to system without any type of user intervention. A Trojan horse is malware that convinces the user that it's OK to install because it pretends to be software that's not malicious.

A rootkit is a relatively uncommon type of malware, but once it installs onto your system, it's very difficult to identify and remove. Malware that installs itself as a keylogger will monitor and store all of the keys that you press, including those that make up your username and password. Adware and spyware are malware that will present advertising to you or watch where you visit on the internet. And if your system does become part of a botnet, then you've installed malware that allows a third party to take control of your system.

There are many different ways for a system to be infected with malware. One common way is a worm that takes advantage of a known vulnerability in your system, which doesn't require any type of user intervention at all. To prevent these worms, always make sure that you're running the latest updates for your operating system. Once this malware is executed on your system, it might install software that includes a remote access back door. This allows the malware to call out to a separate server so that additional malware can be downloaded and installed on your computer.

In any of these cases, there initially has to be some software that's running in your operating system. This can happen when you click a link inside of an email, when you click a pop-up on a web page, or when you visit a website and a file is automatically downloaded to your computer. If you don't update your operating system with the latest patches, there might be a vulnerability that a worm takes advantage of, so you didn't have to click anything for your system to be infected.

This is why we always tell you to keep your operating system up to date with the latest patches. There's usually an update process within your operating system that can check for new updates and install them on your system. You might also want to check with the manufacturers of the software you use on your computer to make sure that all of your applications are patched to the latest version.

Attackers have realized that disrupting your day is not enough. They want to be able to get money from you, and one of the ways they do that is by taking your personal files away from you and holding those files for ransom. We refer to this as ransomware, because the attacker takes all of your personal files and holds them for ransom.

Anything that's a picture, a document, an image, or any other personal data will be encrypted. You usually see a message that says your personal files are encrypted, that you have a certain amount of time to respond before all of your files are deleted, and that you should send some type of cryptocurrency in exchange for the decryption key.

This is very strong encryption that very commonly takes advantage of public key cryptography, which makes it very difficult to reverse engineer or find the key yourself. Very often, your only choice is to pay the attacker for the decryption key so that you can regain access to all of your personal files.
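As an added example (not part of the video), here is a defender-side heuristic for the file encryption described above: properly encrypted data is statistically indistinguishable from random bytes, so a document type that should be low-entropy text suddenly scoring near 8 bits per byte is a ransomware indicator. The entropy threshold, the list of text-like extensions, and the sample files are assumptions constructed for this example.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Assumed threshold: plain text sits well below 7.5 bits/byte, while encrypted
# (or compressed) output sits close to 8.0. Only extensions that should hold
# uncompressed text are checked, since zip-based formats are legitimately dense.
ENTROPY_THRESHOLD = 7.5
LOW_ENTROPY_TYPES = {".txt", ".csv", ".log", ".json", ".html"}


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty or single-valued data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def suspicious_files(directory: Path) -> list:
    """Names of text-like files whose content looks encrypted.

    A burst of such files appearing in user document folders within a short
    window is the kind of signal an endpoint monitor would alert on.
    """
    flagged = []
    for path in sorted(directory.rglob("*")):
        if path.is_file() and path.suffix.lower() in LOW_ENTROPY_TYPES:
            if shannon_entropy(path.read_bytes()) >= ENTROPY_THRESHOLD:
                flagged.append(path.name)
    return flagged


def demo() -> list:
    """Constructed sample: one real text note and one file overwritten with
    os.urandom(), standing in for ciphertext. Returns the flagged names."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "notes.txt").write_text("Quarterly budget notes, draft 3.\n" * 50)
        (root / "report.csv").write_bytes(os.urandom(4096))  # simulated ciphertext
        return suspicious_files(root)


if __name__ == "__main__":
    print(demo())  # ['report.csv']
```

Entropy alone produces false positives on legitimately dense files (images, archives), which is why the scan is limited to extensions that should be plain text and why real tooling also looks at write rate and file renames.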