Beruflich Dokumente
Kultur Dokumente
victim's data or perpetually block access to it unless a ransom is paid. While some
simple ransomware may lock the system in a way which is not difficult for a
knowledgeable person to reverse, more advanced malware uses a technique called
cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible,
and demands a ransom payment to decrypt them. In a properly implemented cryptoviral
extortion attack, recovering the files without the decryption key is an intractable problem
– and difficult to trace digital currencies such as Ukash or Bitcoin and other
cryptocurrency are used for the ransoms, making tracing and prosecuting the
perpetrators difficult.
Ransomware attacks are typically carried out using a Trojan that is disguised as a
legitimate file that the user is tricked into downloading or opening when it arrives as an
email attachment. However, one high-profile example, the "WannaCry worm", travelled
automatically between computers without user interaction.
Ransomware is a type of malicious software, or malware, designed to deny access to a
computer system or data until a ransom is paid. Ransomware typically spreads through
phishing emails or by unknowingly visiting an infected website.
Ransomware can be devastating to an individual or an organization. Anyone with
important data stored on their computer or network is at risk, including government
or law enforcement agencies and healthcare systems or other critical infrastructure
entities. Recovery can be a difficult process that may require the services of a reputable
data recovery specialist, and some victims pay to recover their files. However, there is
no guarantee that individuals will recover their files if they pay the ransom.
CISA recommends the following precautions to protect users against the threat of
ransomware:
Update software and operating systems with the latest patches. Outdated
applications and operating systems are the target of most attacks.
Never click on links or open attachments in unsolicited emails.
Backup data on a regular basis. Keep it on a separate device and store it offline.
Follow safe practices when browsing the Internet. Read Good Security Habits for
additional details.
In addition, CISA also recommends that organizations employ the following best
practices:
Restrict users’ permissions to install and run software applications, and apply the
principle of “least privilege” to all systems and services. Restricting these
privileges may prevent malware from running or limit its capability to spread
through a network.
Use application whitelisting to allow only approved programs to run on a network.
Enable strong spam filters to prevent phishing emails from reaching the end
users and authenticate inbound email to prevent email spoofing.
Scan all incoming and outgoing emails to detect threats and filter executable files
from reaching end users.
Configure firewalls to block access to known malicious IP addresses.
Malware (malicious software)
Malware, or malicious software, is any program or file that is harmful to a
computer user. Types of malware can include
computer viruses, worms, Trojan horses and spyware. These malicious
programs can perform a variety of different functions such as stealing,
encrypting or deleting sensitive data, altering or hijacking core computing
functions and monitoring users' computer activity without their permission.
A virus is the most common type of malware which can execute itself and
spread by infecting other programs or files.
Spyware is made to collect information and data on the device user and
observe their activity without their knowledge.
Adware is used to track a user’s browser and download history with the
intent to display pop-up or banner advertisements that lure the user into
making a purchase. For example, an advertiser might use cookies to track
the web pages a user visits to better target advertising.
Keyloggers, also called system monitors, are used to see nearly everything
a user does on their computer. This includes emails, opened web-pages,
programs and keystrokes.
Mobile malware
Malware can also be found on mobile phones and can provide access to the
device's components such as the camera, microphone, GPS or
accelerometer. Malware can be contracted on a mobile device if the user
downloads an unofficial application or if they click on a malicious link from an
email or text message. A mobile device can also be infected through a
Bluetooth or Wi-Fi connection.
Malware is found much more commonly on devices that run the Android OS
comparatively to iOS devices. Malware on Android devices is usually
downloaded through applications. Signs that an Android device is infected
with malware include unusual increases in data usage, a quickly dissipating
battery charge or calls, texts and emails being sent to the device contacts
without the user's knowledge. Similarly, if a user receives a message from a
recognized contact that seems suspicious, it may be from a type of a mobile
malware that spreads between devices.
Apple iOS devices are rarely infected with malware because Apple carefully
vets the applications sold in the App Store. However, it is still possible for an
iOS device to be infected by opening an unknown link found in an email or
text message. iOS devices will become more vulnerable if jailbroken.
A user may be able to detect malware if they observe unusual activity such as
a sudden loss of disc space, unusually slow speeds, repeated crashes or
freezes or an increase in unwanted internet activity and popup
advertisements. An antivirus tool may also be installed on the device that
detects and removes malware.These tools can either provide real-time
protection or detect and remove malware be executing routine system scans.
History
The term malware was first used by computer scientist and security
researcher Yisrael Radai in 1990. However, malware existed long before this.
One of the first known examples of malware was the Creeper virus in 1971,
which was created as an experiment by BBN Technologies engineer Robert
Thomas. Creeper was designed to infect mainframes on ARPANET. While the
program did not alter functions, or steal or delete data, the program moved
from one mainframe to another without permission while displaying a teletype
message that read, "I'm the creeper: Catch me if you can." Creeper was later
altered by computer scientist Ray Tomlinson, who added the ability to self-
replicate to the virus and created the first known computer worm. The concept
of malware took root in the technology industry, and examples of viruses and
worms began to appear on Apple and IBM personal computers in the early
1980s before becoming popularized following the introduction of the World
Wide Web and the commercial internet in the 1990s.
Similar programs
There are other types of programs that share common traits with malware but
are distinctly different, such as a PUP, or potentially unwanted program.
These are typically applications that trick users into installing them on their
system (such as browser toolbars) but do not execute any malicious functions
once they have been installed. However, there are cases where a PUP may
contain spyware-like functionality or other hidden malicious features, in which
case the PUP would be classified as malware.