Updated: Dec 6, 2022
In Part 1 of this data protection and security series, we discussed the most common types of cybersecurity attacks – Phishing, Smishing, and Vishing. Continuing our overview, we’ll address two more strategies of cyberattacks against data protection and security – Malware and Ransomware. Unfortunately, cybercriminals continue to evolve in the many ways they can attack and exploit your private information.
Malware, short for Malicious Software, is an all-encompassing term covering a variety of cybersecurity breach tactics, deployed in forms such as viruses, trojans, spyware, adware, worms, and others. While malware is sometimes used for white hat purposes, a lucrative dark web industry is growing and thriving around malware developed and deployed for many criminal purposes that impact data protection and security. A prominent objective of malware is to steal money.
Malware is written to steal and collect information with monetary value such as banking information, account login credentials, private business data and intellectual property files, human resources and personnel health records, and other data that would cause significant negative financial impact or loss of personal or organizational privacy if breached. Malware can also be designed to monitor users’ online activity and keystroke history (called spyware), disrupt computer systems and networks, take control of devices remotely, corrupt user files and/or applications, and otherwise limit access or destroy data.
Another danger of malware is that it can easily spread from one computer or network to another. Malware may get into your system bundled with a free program or file that you download from the Internet, arrive embedded in a file that is shared with you, be introduced from an infected external storage device such as a thumb drive, or install itself via an email attachment that you open. A seemingly helpful popup antivirus message on your screen may be the very transport vehicle that infects your system with malware when you download and install its antivirus update.
Many sophisticated and deceptive techniques are used to deploy malware into your system – and you may not even be aware of the infection until a problem occurs, such as receipt of a “ransom note.”
Ransomware is one of the most serious types of malware as its goal is to hold valuable information hostage and extract money from you in exchange for its safe return. Ransomware encrypts your data, making it unreadable by you, or otherwise locks you out of access, and then demands payment to unlock and return your information. Often, ransomware criminals work in teams, turning these efforts into thriving business ventures, combining their technical knowledge to write malicious code and infiltrate systems, and then dividing among themselves the funds they are able to extract from their victims.
Because the monetary return can be so much greater, ransomware attacks are more often made on large businesses and other organizations, which can pay much more to get their information back, but individuals are not exempt from these attacks. Attacked businesses usually prefer to just pay the ransom fee rather than have to publicly announce a major data breach or deal with disruption to daily business operations. The ransom fees get paid even though the victimized organization has no guarantee that the information will be returned in its entirety or even in part.
There is also no guarantee that the organization will not be subject to multiple payments for return of the same information or be forced to pay new ransom fees in the future.
Ransomware results in millions of dollars lost every year and can be very difficult to remove once it has infiltrated a computer system or network.
Mitigating Malware Attacks.
Indications that malware is present may include but are not limited to: poor or declining system performance, sudden inability to access accounts, files, or folders, and missing, corrupt, or destroyed data. If you suspect your computer or network is infected with malware, corrective action should be undertaken immediately. Removal of the malware may be challenging, and you may need to seek a professional service provider to clear your system.
To avoid a malware attack:
• Be vigilant for indications such as those mentioned above when your computer or network is not functioning as expected.
• Use caution if/when downloading unknown files and software applications from unfamiliar sites on the Internet as they may be bundled with malware or the websites themselves may be infected.
• Be aware that a simple phishing email may launch the attack on your system. Do not click links in emails or download attachments from senders you don’t know.
• Ensure that your system is under continuous malware surveillance with cybersecurity software and kept up to date with the latest protective releases.
• Keep a clean, external backup (not stored on the same system) of your important files so that you may be able to restore your data in case of a destructive attack on your system.
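One way to act on the backup and warning-sign advice above, as an added example that is not part of the original article: before refreshing the clean backup, compare the live files against the last known-good snapshot and hold off if files have gone missing or turned into near-random bytes. The 7.5 bits/byte threshold, the function names and the sample files are assumptions constructed for illustration.

```python
import hashlib
import math
import tempfile
from collections import Counter
from pathlib import Path

ENTROPY_LIMIT = 7.5  # assumed threshold in bits/byte; encrypted data sits near 8.0

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def snapshot(root: Path) -> dict:
    """Map each relative file path to (sha256 hex digest, entropy)."""
    snap = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            data = p.read_bytes()
            snap[str(p.relative_to(root))] = (hashlib.sha256(data).hexdigest(), entropy(data))
    return snap

def compare(baseline: dict, current: dict) -> dict:
    """Diff clean snapshot vs live files; changed files that became near-random are suspicious."""
    report = {"missing": [], "changed": [], "suspicious": []}
    for name, (digest, old_h) in baseline.items():
        if name not in current:
            report["missing"].append(name)
        elif current[name][0] != digest:
            key = "suspicious" if current[name][1] >= ENTROPY_LIMIT > old_h else "changed"
            report[key].append(name)
    return report

def safe_to_refresh(report: dict) -> bool:  # overwrite the clean backup only if this is True
    return not report["missing"] and not report["suspicious"]

def demo() -> dict:  # constructed sample files, then simulated damage
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "notes.txt").write_text("quarterly budget notes\n" * 50)
        (root / "staff.csv").write_text("name,role\nalice,hr\nbob,it\n" * 40)
        (root / "todo.txt").write_text("call vendor\n")
        baseline = snapshot(root)
        (root / "notes.txt").write_text("budget notes, revised\n" * 50)  # ordinary edit
        (root / "staff.csv").write_bytes(bytes(range(256)) * 16)  # stand-in for encrypted bytes
        (root / "todo.txt").unlink()  # file deleted
        return compare(baseline, snapshot(root))
```

Already-compressed formats such as ZIP or JPEG are high-entropy to begin with, which is why a file is flagged only when it crosses the threshold from below.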
Gold Comet takes cybersecurity breach mitigation protocols seriously and we strive to create products that protect your information through multi-layered encryption and protected cloud storage. As stated, malware attacks often begin with one simple phishing email that opens your whole network to vulnerability. Our patented email messaging system mitigates malware because it only allows receipt of emails from points of contact on your whitelist – no other emails get through to your inbox, thus you’re protected from spam and other unwanted contacts attempting to invade your privacy. For more information, review our How It Works pages for businesses and individuals.