When people think of malicious software, computer viruses are often the first thing that come to mind, but ransomware is a far more common threat.
Terms like ‘threatware’, ‘malware’ and ‘ransomware’ are often used interchangeably, but there are important differences. Understanding these differences is important not only for knowing what you’re up against, but also how to protect against them. A mature cybersecurity strategy revolves around the fact that cyberthreats come in many different forms, using a multitude of different attack vectors, such as social engineering, hacking, and malicious software.
What is threatware?
Threatware is synonymous with malicious software, which is also known as malware. These are umbrella terms referring to any kind of software program designed for malicious purposes, such as stealing confidential information or causing disruption to the victim’s computer.
The oldest and best known form of malware is the computer virus. One of the first documented computer viruses was the Creeper program, developed way back in 1971 as an experiment. What makes computer viruses unique is their ability to self-replicate, just like a biological virus.
Today, however, computer viruses encompass only a small part of the threatware footprint. Cybercriminals rarely rely on viruses, since they’re relatively easy to protect against using any consumer-grade antivirus programs, including those built-in with modern operating systems.
Another common and well-established form of threatware is the Trojan horse, which consists of a client and a server. The client is installed on the victim’s computer without their knowledge, while the server is installed on the attacker’s computer, giving them access to and control over their victim’s machine. A similar type of malware is the keylogger, which records all keystrokes on the victim’s computer to steal things like usernames and passwords as they’re entered.
Not all threatware is designed to steal data. Some forms of malware, such as computer worms, are primarily designed to cause disruption by slowing down networks or filling up drive space as they self-replicate. Cryptojacking malware is one of the most common threats today, since it consumes computing resources to mine cryptocurrency on behalf of the attacker.
What is ransomware?
Ransomware is a form of extortion that rose to global prominence with the WannaCry attacks in 2017. Ransomware encrypts the files on an infected system before confronting the victim with a ransom message demanding a payment in untraceable cryptocurrency before they can regain access. Some ransomware will start permanently deleting the encrypted files if victims fail to pay the ransom within a given deadline.
The most dangerous form of ransomware is the double extortion tactic, which involves stealing the data before it’s encrypted. In these cases, the attacker may also threaten the victim that they will publish any sensitive information stolen if they don’t meet their demands.
Ransomware is one of the fastest-growing threats of all, which is due in part to the proliferation of ransomware-as-a-service (RaaS) on the dark web. With RaaS, the ransomware developers recruit others to spread their ransomware in return for a cut of the profits, mirroring in many ways the practices of legitimate software-as-a-service companies.
Protecting against ransomware, as well as any other form of threatware, requires a proactive and multilayered approach including security awareness training and malware scanning, along with a robust backup and disaster recovery program. You can’t expect to prevent every threat from the start, which is why cyber resilience involves security in depth and multiple layers of protection.
For example, a ransomware backup strategy should incorporate continuous threat scanning across your entire network, including cloud instances and storage assets and inside their backups. If ransomware does still manage to infect your production systems, having an immutable and backup (that has been thoroughly inspected for ransomware and malware) stored in an isolated environment will allow you to recover quickly and with minimal disruption.
Elastio auto-detects new workloads in your AWS environment, scans them for ransomware, and creates highly recoverable, immutable backups that are compressed and deduplicated for cost efficiency.