How Do I End Up Infected by Malware or Ransomware?

The SecuRetain team recently completed a 6-part series on using GDPR to prepare for CCPA compliance. Now, we're diving into a 4-part series focused on helping organizations defend against Malware and Ransomware.

1. Part I - How do I get malware?
2. Part II - Different types of malware
3. Part III - How can I tell if I have a malware infection?
4. Part IV - How to protect against malware?

SecuRetain also wants to address a pressing issue that many small organizations face today: Malware & Ransomware Threats. Here's a breakdown of what small businesses should know, including the do’s and don'ts when it comes to cybersecurity.

What is Malware?

Malware, short for 'malicious software,' is a broad term used to describe any program or code designed to harm your devices, steal data, or cause disruption.

Ransomware is a particularly dangerous type of malware, designed to lock or encrypt your system or files, demanding a ransom payment for restoration.

Popular Types of Ransomware

These dangerous programs can take several forms, each with its own modus operandi:

1. Cryptolocker: Encrypts files and demands payment to decrypt them.
2. Locker Ransomware: Locks access to files, demanding ransom to restore access.
3. Bad Rabbit: Encrypts files and the computer's hard drive, also blocks Windows booting.
4. Zcryptor: A self-replicating malware that infects computers and USB drives, spreading through spam.
5. Jigsaw: Encrypts files and deletes them after an hour if the ransom is not paid.
6. Petya: A dangerous malware that can overwrite system data and destroy the operating system.

How Do I Get Infected by Malware?

While malware can come from a variety of sources, the main culprits often involve human error or vulnerabilities in everyday actions. Below are common ways malware can sneak into your system:

1. People You're the key link. Malware attacks often depend on your willingness to open a suspicious email attachment or click on untrustworthy links.
2. Internet & Email The internet is a frequent gateway for malware infections. Downloading content without anti-malware protection can expose you to risks. Email phishing is another common attack vector.
3. Websites Just visiting malicious websites, downloading infected files (like music, games, or toolbars), or clicking on a harmful ad can cause malware to invade your system.
4. Downloading Programs Many malicious apps hide in seemingly legitimate software, especially when downloaded from third-party sites instead of secure app stores.
5. Permissions & Data Access Always be cautious when apps request access to your data or permissions that seem unnecessary for their functionality.
6. Third-Party Apps Avoid installing mobile apps from unknown sources—always stick to trusted platforms like Google Play or the Apple App Store.
7. "Free" Offers Be wary of too-good-to-be-true offers, like free software tools or services. These often disguise malware.
8. Extra Components Often bundled with seemingly useful programs, “extra components” can be sneaky ways for malware to sneak in, disguised as essential software.
9. Social Engineering Cybercriminals frequently use social engineering tactics, tricking you into downloading or clicking on malicious software through deception.
10. Malicious Websites Simply visiting an infected website or clicking on a malicious banner ad can trigger a "drive-by" malware download—no action required on your part except visiting the site.