Malware, a contraction for "malicious software," is intrusive software that is designed to cause damage to data and computer systems or to gain unauthorized access to a network. Viruses and ransomware are both types of malware. Other forms of malware include Trojans, spyware, adware, rootkits, worms, and keyloggers. The term virus is used less often today; most use the generic term malware instead.
A virus is a type of malware that self-replicates by inserting its code into other software programs. It spreads from one computer to another, leaving a path of destruction as it propagates. Viruses can range in severity from causing mildly disturbing effects to severely damaging data or software. Since viruses are designed to disrupt a system's ability to operate, they can cause significant operational issues and data loss.
Ransomware, while also being a malware, is different: It encrypts the victim's data and a hacker demands the victim pay a ransom. Only once the ransom is paid will the hacker sends a decryption key to restore access to the victim's data. The ransom can range from a few hundred dollars to millions of dollars. Typically, payment is demanded in the form of a cryptocurrency, such as bitcoins. The demand often involves a deadline, after which time the ransom might increase or the data will be deleted. In some cases, a decryption key is not sent even after payment of the ransom.
Viruses typically attach to an executable host file, which means the virus may exist on a system but lays dormant until the file is opened or executed. Once opened or executed, the virus spreads to another computer using a network, removable media, drive, file sharing methods, or through infected email attachments. A virus is often associated with a worm, which is a type of malware that clones itself to spread to other computers and performs various damaging actions on the systems it infects. Worms are standalone software, unlike viruses.
Ransomware is typically distributed through a few main avenues. These include phishing emails, malvertising (where legitimate online advertising is hacked to spread malware), and exploit kits. After it is distributed, ransomware encrypts selected files and notifies the victim that payment is required to unlock the data. Ransomware can spread like a worm.
Advanced threats like viruses and ransomware evolve over time, so "defense in depth" is key to prevention and response. Having a data backup can be critical when it comes to ransomware response. While backups can help, the cost and time needed to restore an entire department or domain can also be key factors for response. Working with incident response specialists who are available 24 hours a day, all year, globally can also help.