Ransomware and malware are two terms that are sometimes used interchangeably, but there are differences. Malware, short for malicious software, is an umbrella term that includes ransomware. That means that all ransomware is malware — but not all malware is ransomware.
Let’s delve deeper into the nuances of these two types of cyberattacks.
What Is Malware?
Malware describes all types of malicious software, including:
- Trojan horse. Malicious code or software that acts like a legitimate application or file, tricking users into executing malware on their device.
- Virus. A type of malware that is designed to spread from one computer to another.
- Rootkits. A type of malware that is designed to give access to an otherwise unauthorized area of a computer.
- Spam bots. Bots are simply applications designed to perform repetitive tasks. Bots fall into the malware category when they perform malicious tasks, like directing web traffic as part of a DDoS attack or spreading spam.
- Worms. A standalone malware program that replicates itself to spread to other systems.
- Adware. Software that displays banner advertisements while running.
- Spyware. Any software designed to gather user information without their knowledge.
Software is defined as malware when it is intended to cause damage to a computer, network or server. Systems can be infected with malware when users visit suspicious websites or download unreliable applications. Threat actors can also manually install malware onto a user’s computer or network by gaining physical access to the computer or by using techniques such as privilege escalation to obtain remote administrator access and move laterally throughout the network.
What Is Ransomware?
Ransomware is a type of malware in which a threat actor encrypts a victim’s files and systems and demands payment in exchange for access to those files. Sometimes threat actors will disguise themselves as a government agency or other authority, claiming that the system is locked down for security reasons.
Threat actors can launch and execute ransomware attacks in a variety of ways. One of the more common ways is phishing, in which a user clicks a suspicious link or attachment. These can often be in the form of social engineering attacks in which threat actors disguise themselves as legitimate corporations or colleagues.
Other stages in a ransomware attack include escalating privileges to gain domain or admin account permissions, executing files, exfiltrating data, and finally, deploying the ransomware and demanding payment.
Ransomware vs. Malware
| | Ransomware | Malware |
|---|---|---|
| Delivery method | Malicious attachments via phishing emails | Links, emails, app installations, suspicious websites, USB |
| Ease of removal | Extremely difficult; victims must either pay the ransom or restore from known backup | Moderate; antivirus software can usually remove an infection |
| Variety | Limited; the only two types of ransomware are crypto and locker | Includes all types of malicious software, including trojan horses, viruses, etc. |
| Impact | The impact of ransomware is often severe and long-lasting. Many businesses have shut down operations due to ransomware attacks. | Commodity malware can control data and resources and reduce system performance, but it generally doesn’t destroy a business |
Learn More About Malware and Ransomware
In our webinar with Blumira’s Mike Behrmann, Director of Security, and Erica Mixon, Content Marketing Manager, you can learn more about malware vs. ransomware, as well as how to develop a comprehensive incident response plan for malware infections. Watch it on demand.