
Malware vs. ransomware: What's the difference?

Ransomware is a type of malware. It encrypts files and demands a ransom before allowing victims to regain access.

Cyber attacks are taking place globally, and no one is safe. As technology advances, so do scammers and cybercriminals. These attacks exploit weaknesses in digital devices, enabling attackers to access systems and files.

The terms malware and ransomware are often used interchangeably, but this is wrong. Ransomware is one category under the broader malware umbrella.

Here is an explanation of each term, and how they differ.

Malware

Malware is an umbrella term for any malicious code or program that gives an attacker explicit control over a system. It's a broad term that refers to all types of malicious programs, including:

  • Ransomware. This type of malware infects a computer system and encrypts the data. Attackers then demand a ransom to decrypt the data so the victim can regain access.
  • Rootkits. This delivery method for other malware hides in the deepest corner of a computer. It delivers malicious payloads such as keyloggers and spyware.
  • Scareware. This is an app or webpage that pops up and attempts to frighten victims into buying unnecessary software or providing their financial data.
  • Spammers. Malicious code sets up shop on a computer and pumps out thousands and thousands of spam emails. This type of malware uses a victim's system as an email blast platform.
  • Spyware. Spyware records the activities of unwitting users -- such as websites they visit and information about their computer systems. Spyware that records keystrokes is called a keylogger. It is designed to steal credit card numbers, passwords, bank account numbers and other sensitive data.
  • Trojans. A Trojan looks like an innocuous file but secretly delivers a malicious payload.
  • Viruses. This is a generic term for malware that does nothing but damage your computer and delete files.
  • Worms. A worm is a standalone program that can self-replicate and spread over a network. Worms aren't very common anymore and were often forms of mischief.

Ransomware

Ransomware is malware that takes a computer system hostage. Attackers then demand those users pay a ransom to regain access to their system. Ransomware is usually delivered as an attachment via email but can also be downloaded from the web.

Ransomware operates like a Trojan in that the malicious payload is delivered by another source. Once the payload infects a system, it executes the download of the ransomware software.

The ransomware then scours the infected computer system for vital files -- such as Word documents and Excel sheets -- and encrypts them with an unbreakable encryption key. This locks victims out of their systems.
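Defenders can turn this behavior into a detection signal: a Word or Excel file that has been encrypted no longer starts with its format's signature and reads as near-random bytes. The sketch below is an added example, not part of the original article; the function names, the 7.5 bits-per-byte threshold and the sample files are assumptions made for illustration.

```python
import math
import os
import tempfile
from collections import Counter

# Leading bytes of the document formats named above (well-known file signatures).
ZIP = b"PK\x03\x04"                          # .docx / .xlsx are ZIP containers
OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc / .xls
SIGNATURES = {".docx": ZIP, ".xlsx": ZIP, ".doc": OLE2, ".xls": OLE2}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def looks_encrypted(path: str, sample: int = 65536, threshold: float = 7.5) -> bool:
    """True when a known document type lost its signature and reads as random bytes."""
    expected = SIGNATURES.get(os.path.splitext(path)[1].lower())
    if expected is None:
        return False  # unknown extension: no opinion
    with open(path, "rb") as fh:
        head = fh.read(sample)
    if head.startswith(expected):
        return False  # header intact
    return shannon_entropy(head) >= threshold  # threshold is an assumed tuning value

def scan(root: str) -> list[str]:
    """Sorted relative paths under root that look encrypted."""
    paths = (os.path.join(d, f) for d, _sub, files in os.walk(root) for f in files)
    return sorted(os.path.relpath(p, root) for p in paths if looks_encrypted(p))

def demo() -> list[str]:
    """Constructed samples: intact .docx header, random-byte .xlsx, empty .doc."""
    samples = {"report.docx": ZIP + b"word/document.xml" * 64,
               "budget.xlsx": os.urandom(8192), "notes.doc": b""}
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return scan(root)

if __name__ == "__main__":
    print(demo())
```

A password-protected .docx is legitimately stored in an OLE2 container rather than a ZIP, so it can trip this check; treat hits as leads to review, not verdicts.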

The victim's computer is useless except to do one thing -- pay the ransom. With some malware, a computer can be booted using a flash drive. This drive has a special operating system and anti-malware software to clean the infected system. But ransomware takes over a computer so thoroughly that it's doubtful a victim can get their operating system back.

And even if a victim can get access to the encrypted files, they will be useless because they are encrypted. To decrypt files and regain access to the system, victims need a decryption key, which is obtained by paying a ransom to the attackers. Ransom is usually demanded in bitcoin or other cryptocurrencies because they are easier to move around.

Learn how Colonial Pipeline operations came to a halt when a ransomware attack infected its systems.

Differences between malware and ransomware

Here is a side-by-side look at how malware and ransomware function:

| Malware | Ransomware |
| --- | --- |
| Any malicious code designed to do a variety of actions, including damaging files and stealing bank account information. | Specifically designed to lock victims out of their computer and files until a ransom is paid. |
| Delivered in many ways, including email, USB drives, network worms, Trojans and visiting malicious websites. | Primary form of infection is targeted email attacks with malicious attachments. |
| Much malware can be stopped or removed by antivirus software. | Extremely hard if not impossible to remove once infected. |
| Some malware exists just to be a jerk or remotely take over a computer. | Ransomware is severe criminal activity because it involves financial blackmail. |
| It can significantly degrade a computer's performance. | It completely takes over a computer. |

Protecting against malware and ransomware

Effective antivirus protection should be used at all levels of the enterprise -- including end user computers and servers -- along with a firewall. Effective security means securing all layers of the network, not just the endpoint.

The antivirus market is enormous, and there are many kinds of software to choose from. Choose carefully and thoroughly, getting input from security experts, peers and colleagues. Also, look over AV-Test, a neutral antivirus software test organization.

Another way businesses can protect themselves from a ransomware attack is to create system backups. This enables businesses to restore their data without paying a ransom. 

Above all, businesses must train staff to never open attachments from unknown senders. Good antivirus software scans all attachments when they come into a user's inbox, but if a malicious payload gets through, common sense needs to prevail.

Even if an attachment comes from a known sender, it's a good idea to check and see if that person sent it. A common method of malware replication is to go through an infected user's address book and send malicious code to every address it finds. Ransomware operates like this as well.
