In Spring 2017, much of the digital world was in a panic as WannaCry swept across the globe, infecting computer networks and bringing businesses, universities, law enforcement, healthcare facilities and many others to a halt.
The group claiming responsibility for the cyberattack took advantage of a vulnerability found in Windows software, and was able to penetrate systems and take over a user’s computer. When users tried accessing their systems, a message appeared informing them that their files had been encrypted. The criminals demanded payment in exchange for restoring their data.
Many news reports referred to the attack as a virus; others labeled it as ransomware or malware. Is there a difference between a virus and ransomware? What about malware? While all have similarities and spell bad news for computer systems, we’ll try to make some distinctions to help you better understand each, starting with a brief history lesson.
The first known computer virus was developed in 1971 as part of an experiment by an engineer at BBN Technologies. Known as the “Creeper” virus, it infected mainframes at the U.S. Advanced Research Projects Agency. Their network systems served as a precursor to the internet we know today. The term “computer virus,” however, didn’t become popular until 1983.
Early on, viruses were generally more of a hoax and served as an annoying inconvenience for those affected. But as more and more sensitive information was being shared across the internet, tech-savvy criminals quickly realized the potential financial gains to be had from accessing that data and developed programs and codes that would attach themselves to computer programs and files.
These computer viruses, much like a human virus, spread quickly throughout systems. The transmission of the “disease” most often begins with an innocent click of the mouse. The victim typically opens an email and is tricked into clicking on a link. Once that happens, the virus attaches itself to the computer’s network and, within seconds, an entire company’s system can become infected. Users can help guard themselves and their organization from such attacks by knowing the warning signs of an email scam.
There are multiple versions that fall under the umbrella of a virus. Ransomware and malware are the types that most people are familiar with. While the way in which each one infects a computer network may be similar, the end goal of the cybercriminal behind them creates the distinction:
According to Merriam-Webster, a ransom is a sum “paid or demanded for the release of someone or something from captivity.” That describes ransomware to a tee. Those who infect computers with viruses such as WannaCry or Petya — another hack listed among several notable 2017 cyberattacks — hold computers and systems hostage until their demands for payment are met. In short, ransomware requires that the victim “pay up.”
And unfortunately, they often do. Ransomware spiked 6,000% in 2016 from the year before, and most victims paid the hackers, according to a study by IBM. The same study found that half of those who paid a ransom dished out more than $10,000 and 20% paid more than $40,000.
Malware is short for “malicious software,” which reveals its intent. Technically, ransomware is a form of malware, as it clearly is malicious. However, the difference is that a cybercriminal who installs malware may not necessarily demand payment or provide options to restore your content. Their intent is to do harm by corrupting files and rendering systems defenseless. Why is anyone’s guess and, for some, the reason may simply be because they can.
Another goal of installing malware is to steal data. Unlike ransomware, users may not even know that malware has been remotely installed on their systems. This stealth tactic allows hackers to access account information unaware and obtain information that they can use to steal identities, social security numbers, credit card information and other personal data.
Such was the case with the recent Equifax data breach. Hackers exploited a web application vulnerability and gained access to files. While evidence shows the breach began between mid-May and July, the problem wasn’t discovered until July 29, 2017.
Every business needs to protect their systems and the personal information of employees and customers by implementing proactive measures to prevent cyberattacks. Education, up-to-date technology and diligence are important measures, and enlisting the help of a Managed IT provider to fully assess your threat level and your systems will help ensure your data remains secure.