Malware, ransomware, trojans, rootkits, and viruses. You may have heard some or all of these terms. But what do they mean? What is malware? In this article, we will discuss the different types of malicious software (malware) and what the terms mean. This will give you a better understanding of the different types of threats to your practice and how to defend against them. Malware, like real viruses, is constantly changing and mutating. This means we also have to adapt to new threats to protect patient and practice data. Read on to find out what you and your practice can do to stay safe.
What is malware?
Malware is an umbrella term for all malicious software: ransomware, viruses, spyware, rootkits, trojans, and many more. In the simplest terms, malware is a program that lets an attacker perform actions on your computers or devices that you never authorized. Most people assume the purpose is simply to steal, but that isn’t always the case. Sometimes malware is there to help the attacker dig deeper into a machine by using exploits against unpatched software, for example to turn a limited user account into an administrator-level account (privilege escalation).
Sometimes malware is about keeping access to a system after it has been hacked (compromised). These tools, often called backdoors, give the attacker a hidden way back in so that they can come and go on your computer as they please, even after the original hole has been closed.
But the most common reason for malware is to steal information or make money in some way.
Different types of malware explained
Viruses are the form of malware that most people are familiar with, and they have been around the longest. A virus is a piece of malicious code that attaches itself to a normal, clean program and waits until a user launches that program. When that happens the malicious code runs in the background, copies itself into other programs so that it spreads, and does whatever else it was designed to do.
A worm is malware that is very good at spreading itself. It worms its way from computer to computer across a network, usually by exploiting a vulnerability in a service that is listening on the network, with no user action required. Hence the name, and because nobody has to click anything, a worm can infect even a very large network in hours. The Morris Worm (1988) was the first worm to spread across the Internet in the wild; Code Red (2001), which spread between unpatched Microsoft IIS web servers, is another well-known example.
Rootkits are more specialized programs that work at a much lower level of the computer, inside the operating system’s kernel and drivers or even the machine’s firmware. They are extremely difficult to detect and remove because a rootkit alters the very parts of the system that you and your security tools rely on to see what is running. Their purpose is to keep the attacker hidden: the attacker’s files, processes, and network connections simply don’t show up, so the attacker keeps control of the device for as long as possible.
Ransomware works by infecting your computer and then encrypting the files it can reach: documents, pictures, email archives, financial software data (QuickBooks, etc.), and anything on network shares the machine is connected to. It usually leaves the operating system itself working so that you can see the ransom note it drops. The note instructs you to send a specific amount of Bitcoin to an address to receive the decryption key. If you don’t pay, the data stays encrypted; paying is no guarantee either, since the criminals may never deliver a working key. Many current ransomware groups also copy data out of the network before encrypting it and threaten to publish it, which for a practice means patient records.
Ransomware is all the rage now for attackers. File-encrypting ransomware became widespread in the early 2010s, and its sole purpose is making money. It keeps working because most users and small offices don’t know how to protect their computers or networks, and because paying often looks cheaper than recovering. Ransomware has even become a service. The group that writes the ransomware (the operator) supplies the malware, the payment site, and the negotiation with the victim; “affiliates” rent it, break into targets, and deploy it. Whatever ransom is paid is split between the affiliate and the operator.
This is a serious problem for medical practices. HHS guidance on ransomware and HIPAA treats the encryption of electronic protected health information by ransomware as a presumed breach: unless the practice can demonstrate a low probability that the PHI was compromised, it must follow the Breach Notification Rule, including notifying affected patients and HHS.
Spyware is loosely defined as any software that spies on your computer or device. In the past, this was usually advertisers that wanted to get more information on you so that they could better target advertisements to you. Over the years, this definition expanded to include software that parents install to monitor their children’s activities, spouses to spy on each other (usually their phones), and even nation-states attacking journalists and big-name targets.
Spyware can also be used by attackers to steal your confidential information such as online account logins and credit cards.
Trojans take their name from the legend of the Trojan Horse. Greek soldiers hid inside an enormous wooden horse that the Trojans brought into their city. Later that night, the soldiers slipped out and opened the gates of the city.
For software, a malicious program hides inside, or pretends to be, a completely normal one: a fake invoice attachment, a cracked copy of a paid application, a “codec” you supposedly need to play a video. When you launch it, the malicious part executes as well. It will most likely open a back door into your computer or network so that the attacker can get in. Unlike a virus or worm, a trojan does not spread by itself; it relies on tricking a person into running it.
Exploits are programs written to take advantage of a specific vulnerability in a specific piece of software, such as a bug in a web browser, an Office application, or Windows itself. The exploit triggers the vulnerability to give the attacker more access to the computer, or complete control, and usually to install one of the other kinds of malware described here. Strictly speaking, an exploit is the way in rather than malware itself, but the two travel together. This is why patch management is so important: a patched vulnerability has nothing left to exploit.
Your defense plan against malware of all types
The first step in defending your practice is proper patch management: applying security updates promptly, and not just to Windows but to browsers, Office, PDF readers, Java, and your practice-management and EHR software. This closes the holes that have already been discovered and fixed, which are the holes attackers go after first because exploits for them are widely available.
The next step is a solid backup plan. Some attacks use so-called 0-day vulnerabilities, holes that the manufacturer does not yet know about and has no patch for, and no amount of patching helps against those. Others, like the 2017 Petya/NotPetya outbreak, hit machines that simply hadn’t installed a patch that had been available for months, and then spread to fully patched machines using stolen administrator passwords. Either way, prevention can fail, so the best defense is a good backup you can restore from to get back up and running. At least one copy must be offline or otherwise out of reach of a logged-in user, because ransomware encrypts any backup drive or network share it can see, and you should test a restore periodically so you know the backup actually works.
From there, make sure your office has a good quality firewall in place. Many ransomware attacks get into networks because a service such as Remote Desktop (RDP) is open to the Internet, often because the practice let staff or a vendor connect remotely without a VPN. Put a business-class firewall at the office edge, block every inbound connection you haven’t deliberately allowed, and require a VPN with multi-factor authentication for any remote access.
Finally, run business-grade anti-virus (endpoint protection) on every computer, with real-time scanning turned on. Real-time scanning watches files and programs as they are opened and run, and stops and quarantines anything suspicious at that moment; a scheduled scan that runs tonight is useless against ransomware that encrypted your files this afternoon. The reason to pay for a business product rather than install free consumer tools on each PC is management: a central console that shows you every machine is protected and up to date, and alerts you when one isn’t. This is absolutely critical in stopping the spread of attacks like ransomware.
Following these steps will greatly reduce the chance that malware of any kind, ransomware included, does real damage to your practice.
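As an added example (this is not code from the original article or from any vendor), here is a read-only PowerShell script that checks the four items above on a Windows 10/11 workstation: patch age, backup freshness, host firewall and Remote Desktop state, and antivirus real-time protection. It assumes Microsoft Defender is the installed antivirus (it reads Get-MpComputerStatus; with a third-party product, check that product’s console instead) and that backups are written under the folder in $BackupRoot, whose default D:\PracticeBackups is a placeholder to change for your practice. Run it from an elevated PowerShell prompt.

```powershell
# Added example: read-only malware-readiness check for a Windows workstation.
# Assumptions: Microsoft Defender is the antivirus; backups land under $BackupRoot
# (placeholder path). Nothing here changes any setting; it only reports findings.
param(
    [string]$BackupRoot = 'D:\PracticeBackups',   # assumption: where your backup job writes
    [int]$MaxPatchAgeDays = 30,
    [int]$MaxBackupAgeDays = 1
)

$findings = New-Object System.Collections.Generic.List[string]

# 1. Patch management: when was the most recent Windows update installed?
$lastPatch = Get-HotFix | Where-Object { $_.InstalledOn } |
             Sort-Object InstalledOn -Descending | Select-Object -First 1
if (-not $lastPatch) {
    $findings.Add('PATCHING: no installed updates found; check Windows Update')
} elseif ($lastPatch.InstalledOn -lt (Get-Date).AddDays(-$MaxPatchAgeDays)) {
    $findings.Add("PATCHING: last update $($lastPatch.HotFixID) installed $($lastPatch.InstalledOn.ToShortDateString()), older than $MaxPatchAgeDays days")
}

# 2. Backups: is the destination reachable, and is there a recent backup file?
if (-not (Test-Path $BackupRoot)) {
    $findings.Add("BACKUP: backup location $BackupRoot is not reachable from this machine")
} else {
    $newest = Get-ChildItem -Path $BackupRoot -File -Recurse -ErrorAction SilentlyContinue |
              Sort-Object LastWriteTime -Descending | Select-Object -First 1
    if (-not $newest -or $newest.LastWriteTime -lt (Get-Date).AddDays(-$MaxBackupAgeDays)) {
        $findings.Add("BACKUP: no backup file newer than $MaxBackupAgeDays day(s) under $BackupRoot")
    }
    # A share that is always mounted gets encrypted along with everything else;
    # this check cannot prove you also have an offline copy. Keep one anyway.
}

# 3. Firewall and remote access: host firewall on for every profile, RDP state known
foreach ($fwProfile in Get-NetFirewallProfile) {
    if ($fwProfile.Enabled -ne 'True') {
        $findings.Add("FIREWALL: Windows Firewall is not enabled for the $($fwProfile.Name) profile")
    }
}
$rdp = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' `
                        -Name fDenyTSConnections -ErrorAction SilentlyContinue
if ($rdp -and $rdp.fDenyTSConnections -eq 0) {
    # 0 = connections allowed. This says nothing about the office firewall;
    # confirm RDP is reachable only through the VPN, never straight from the Internet.
    $findings.Add('REMOTE ACCESS: Remote Desktop is enabled on this machine; verify it is not exposed to the Internet')
}

# 4. Antivirus: Defender real-time protection on and signatures current
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    $av = Get-MpComputerStatus
    if (-not $av.RealTimeProtectionEnabled) {
        $findings.Add('ANTIVIRUS: real-time protection is OFF; scheduled scans alone will not stop ransomware')
    }
    if ($av.AntivirusSignatureLastUpdated -lt (Get-Date).AddDays(-3)) {
        $findings.Add("ANTIVIRUS: signatures last updated $($av.AntivirusSignatureLastUpdated); should update daily")
    }
} else {
    $findings.Add('ANTIVIRUS: Defender cmdlets not available; confirm real-time protection in your AV console')
}

if ($findings.Count -eq 0) {
    Write-Output 'All four checks passed on this machine.'
} else {
    $findings | ForEach-Object { Write-Output "FINDING - $_" }
}
```

Run it on each workstation (or push it through your management tool) and treat every FINDING line as a to-do item. The script deliberately does not fix anything, so it is safe to run repeatedly, and its limits are the ones noted in the comments: it cannot see your perimeter firewall, and it cannot tell a mounted backup drive from an offline one.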