Malware/Ransomware – How Do I Get Infected By Malware?


The e-InnoSec team recently completed a 6-part series that guides organizations in leveraging GDPR preparation for CCPA.

We wish to address the problem faced by small organizations because of Malware/Ransomware.

We will briefly address the do’s and don’ts for organizations to follow. We will also break down malware into four parts.

Malware, or “malicious software,” is an umbrella term that describes any malicious program or code or any piece of software that was written with the intent of damaging devices, stealing data, and generally causing a mess.

Ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website. Ransomware can be devastating to an individual or an organization. This kind of malware typically locks down your computer and your files and threatens to erase everything unless you pay a ransom. A brief overview of different types of ransomware:

  • Cryptolocker – Cryptolocker is known for encrypting the user’s files and then requiring a payment to open them.
  • Locker Ransomware – Locker ransomware is similar to Cryptolocker. Where Cryptolocker encrypts the files, locker ransomware locks the files to deny the user access and demands a ransom to restore them.
  • Bad Rabbit – Bad Rabbit is a dangerous malware because it encrypts not just the files but also the computer’s hard disk. It also prevents Windows from booting normally.
  • Zcryptor – A self-replicating malware that infects the computer and the USB drive, and spreads through spam or a deceptive software installer.
  • Jigsaw – Jigsaw is capable of encrypting and deleting files. It encrypts the files first and deletes them after an hour if the user fails to pay the ransom.
  • Petya – This is another dangerous ransomware example that can destroy the operating system by overwriting the original data. Petya infects the entire computer system.

The next question is “How do I get malware?”

  • People – Malware attacks would not work without the most important ingredient: you, willing to open an email attachment you don’t recognize, or to click and install something from an untrustworthy source.
  • Internet and Email – The Internet and email are the two most common ways that malware accesses your system.
  • Internet – Any time you are connected to the internet there is a risk of malware infection. Any time you download information from the internet there is a chance of malware infection in the absence of anti-malware security software.
  • Websites – Playing game demos, downloading infected music files, surfing hacked websites, installing new toolbars from an unfamiliar provider, or opening a malicious email attachment can cause malware to penetrate your computer systems.
  • Install or Download Program – Malicious apps can hide in seemingly legitimate applications, especially when they are downloaded from websites or messages instead of a secure app store.
  • Permission to Access Data – Check the warning messages when installing applications, especially if they seek permission to access your email or other personal information.
  • Third Party Apps – Installing mobile apps from unknown third parties. The trusted way to get a mobile app is to download it directly from the vendor.
  • Free Offers – Bad actors throw tainted bait at you with an offer for an Internet accelerator, new download manager, hard disk drive cleaner, or an alternative web search service.
  • Extra Component – This extra software, also known as a potentially unwanted program, is often presented as a necessary component, but it often isn’t.
  • Social Engineering – Social engineering is used to trick you into clicking, installing software, or opting for free offers.
  • Malicious Websites – It’s even possible that just visiting a malicious website and viewing an infected page and/or banner ad will result in a drive-by malware download.
