Ransomware vs. malware

Many people confuse malware with ransomware, thinking the terms refer to the same thing. While both refer to software that can harm an organization or individual, the terms have some key differences you should know to better protect yourself from cyberattacks. Ultimately, threat actors can use either malware or ransomware to impede an organization's ability to perform operations and protect data. 

Improving your digital security starts with understanding what malware and ransomware are, how they differ, and why you need to protect your business  against them. It’s also worth noting that viruses differ from malware. 

In this article, we’ll discuss how to protect your devices and data from all types of digital threats. 

What is malware?

Malware is short for malicious software. It's a term that encompasses many different kinds of software designed to harm a victim. It’s important to note that ransomware falls under the broader category of malware — meaning all ransomware counts as malware, but all malware does not count as ransomware.

Malware generally refers to any program with the purpose of hacking, damaging, or disrupting a device, server, or network. It’s often designed to get you to download an attachment, email, or program that would give a threat actor the ability to access your system and gain control over it. 

Malware can be transmitted either digitally or manually. Digital transmission often occurs when a user downloads an application containing malware or visits a suspicious website. Another example of digital transmission is an email containing a malicious attachment.

Manual transmission is much less frequent, but still presents a risk. In this scenario, a threat actor installs malware manually onto a user's network or computer. For instance, a threat actor could install dangerous software after physically accessing a target's computer, or  a threat actor might gain remote administrator access to a network, allowing them to install malicious software. 

Since malware covers so many different types of malicious software, it can carry different degrees of danger. For example, spyware is designed to hide inside a user's device and steal their personal data, leading to fraud and theft. In contrast, adware is less dangerous, as it will usually just show banner ads that slow down a computer processing and result in a poor user experience. 

Types of malware

To protect your company from attacks, watch for these main types of malware. 

1. Cryptojacking 

Unauthorized mining of cryptocurrency usually using a website infected with JavaScript code

Cryptojacking refers to the practice of mining cryptocurrency from someone else's computer without their permission. This unauthorized mining often occurs after a user visits a website infected with JavaScript code. The malicious code auto-executes on a user's computer, giving a bad actor the opportunity to mine cryptocurrency from it. Cryptojacking can also happen after a bad actor gains access to a user's computer via phishing.

2. Worms

A worm refers to a malware program designed to automatically spread to other systems by replicating itself. Unlike viruses, worms are standalone programs and don't require a host file to self-replicate and spread throughout a network. 

3. Rootkits

Bad actors use rootkits to give themselves access to sections of a computer they are not authorized to access. With a rootkit installed on a victim's computer, a threat actor can configure a victim's system and launch files on the device. With this access, a threat actor can steal information and spy on a victim's device usage.

4. Spyware

Software created to collect personally identifiable information (PII) without consent

Spyware is an overarching term that refers to any software made to collect user information without consent or knowledge. Threat actors may use spyware to collect personally identifiable information (PII) for malicious purposes. Stolen PII may include login information, contact information, Social Security numbers, IP addresses, and more. 

5. Spambots

In their most basic form, bots are applications made to perform a repetitive task or tasks. Bots only qualify as malware when they come in the form of spambots. These kinds of bots perform malicious acts, such as spreading spam or taking part in a distributed denial of service (DDoS) attack by directing web traffic. Some spambots can also steal passwords, record keystrokes, and take financial information.

6. Adware

Software designed to display banner advertisements while it is running qualifies as adware. Individuals may unknowingly download a program or visit a website infected with adware, contaminating their device with this type of malware. Adware may display misleading and fraudulent ads, track browsing history to show targeted ads, or sell data to third parties.

7. Trojan horse

Malicious software taking a form of a legitimate file or application

As the name suggests, a Trojan horse refers to malicious software or code that takes the appearance of a legitimate file or application. Since a Trojan horse looks legitimate, users often get tricked into using or downloading it, accidentally allowing malware onto their device or system.

8. Virus

Much like viruses in the physical world, digital viruses are malware created to spread between computers and across systems. Computer viruses insert themselves into a legitimate document or program and can cause data corruption and destruction in the process. 

What is ransomware?

As a type of malware, ransomware is malicious software designed to encrypt a victim's systems and files, only giving access to a threat actor. Once the threat actor has used the software, they hold the files and systems hostage until the victim pays them to receive access to the files and systems again. The threat actor offers to sell the victim a key to decrypt their files or unlock their device, but there is no guarantee they will deliver the key after payment.

A ransomware attack can range from locking a victim's device to encrypting all of a victim's files. Threat actors can conduct ransomware attacks using several different methods. For example, malicious websites and file sharing can both lead to a successful ransomware attack.

The most common method for executing a ransomware attack is phishing or spam messages, where a victim is tricked into downloading or opening a dangerous email attachment. Once the victim opens the attachment, the attachment downloads the ransomware onto their device. 

A threat actor will often make their ransomware attack successful by using social engineering — disguising themselves as a trusted colleague, friend, legitimate business, or government agency. Thinking the email and attachment come from a trustworthy source, the victim unwittingly downloads the ransomware. 

Stages of a ransomware attack

Stages of a ransomware attack - 1. Discovering weaknesses 2. Gaining initial entry 3. Escalating privileges 4. Executive files 5. Exfiltrating data 6. Deploying ransomware

A ransomware attack includes multiple stages that must be executed before the malware can encrypt a victim's files or systems. By knowing the main stages of a ransomware attack, you can more easily spot the signs of a threat actor beginning their attack and take action to stop the attack from progressing.

1. Discovering weaknesses

In the first stage of a ransomware attack, a threat actor scans a victim's network for weaknesses where they might gain entry and deploy the ransomware.

2. Gaining initial entry

Once the threat actor has identified a network weakness, they attempt to gain entry. In this step, the threat actor uses hacking tools to steal a victim's passwords.

3. Escalating privileges

After gaining initial entry, the threat actor attempts to escalate their privileges to access more sensitive data. A threat actor will often create new admin accounts or domains to access higher-level permissions.

4. Executing files

Once the threat actor has sufficient permissions, they execute the ransomware files, installing malware and running malicious processes to gain access to the victim's files and systems.

5. Exfiltrating data

With the malicious files executed, the threat actor “exfiltrates,” or steals, the data. After stealing the data, the threat actor transfers it to command and control servers.

6. Deploying ransomware

Once the data has been successfully exfiltrated, the threat actor deploys the ransomware. In this stage, the ransomware encrypts a victim's data, and the threat actor holds the data ransom, demanding payment for it before they'll release it back to the victim. 

What is the difference between ransomware and malware?

Ransomware most notably differs from malware in its delivery, type variety, removal difficulty, and impact. Find out more about the differences between malware vs. ransomware below:

1. Delivery method

Because malware encompasses several kinds of malicious software, its delivery methods vary

Since malware encompasses several kinds of malicious software, its delivery methods vary. Some of the most common delivery methods include USB devices, dangerous websites, emails, malicious links, and software installations. Given the many delivery methods associated with malware, companies and individuals have to use various kinds of defenses to prevent malware attacks.

In contrast, ransomware's delivery methods are much more limited. While file sharing and dangerous websites can be a method of ransomware delivery, phishing emails are the most common. Threat actors use phishing emails to trick victims into downloading malicious attachments. Since ransomware has fewer delivery methods, companies and individuals normally focus their efforts on stopping phishing attacks.

2. Type variety

Malware includes all types of malicious software — viruses, worms, spambots, spyware, adware, and Trojan horses. Given the range of malware types, threat actors can use many different kinds of attacks against a victim's devices, systems, and networks.

Ransomware takes a few different forms, but the most common types are locker ransomware and crypto-ransomware. 

Locker ransomware is designed to prevent victims from using basic computer functions. A locker ransomware attack could partially disable a victim's keyboard and mouse to deny them access to the desktop. The threat actor will allow a victim to interact with a window featuring the ransom demand and method for paying it. These attacks are usually less destructive, as they typically do not impact critical files and only have the goal of locking a victim out of their device.

Crypto-ransomware is much more invasive and dangerous. This kind of ransomware does not affect basic computer functions, but it does encrypt a victim's important data, blocking them from accessing it. These attacks can be devastating, as the ransom can be quite high, and the threat actor might also delete the encrypted files if their demands aren't met.

3. Removal difficulty

Removing ransomware is more difficult than removing malware

Malware is usually easier to remove than ransomware. Organizations and individuals can remove many kinds of malware with antivirus software, which scans for malware and deletes any detected infected files. For more complicated malware, a victim might need a security technician to help fully eradicate the problem. Full malware removal may also include formatting drives, reinstalling applications, and recovering data.

Removing ransomware is typically much more difficult. Victims usually only have a choice between restoring their encrypted data from a secure backup or paying the ransom. It's important to note there is no guarantee the threat actor will release the information after receiving payments. 

4. Impact

While most types of malware can damage a business or individual, they usually won't have as many negative consequences as ransomware. The most common effects of malware include lowered system performance and a threat actor controlling resources and data. Since malware is easier to remove and may not do as much damage, its damage is typically limited.

In contrast, ransomware can have a devastating impact on businesses. By locking users out of basic computer functions or encrypting an organization's files, a threat actor can extort a significant amount of money from victims. Ransomware can also prevent businesses from conducting operations, especially if the threat actor deletes the files or never restores access. 

What is the difference between viruses and malware?

A virus is more specific, focusing on device performance, creating malfunctions and corrupting files

Viruses are some of the most common types of malware that affect businesses and individuals. A virus contains malicious code that can infect a device or system and spread to other devices without a victim's knowledge. When a virus infects a device, it can corrupt hard drives, harm performance, send spam, and delete files. Some viruses can even overwhelm a local network with the goal of blocking internet access.

A virus can spread to another device through a variety of methods. Some of the most common transfer methods include sharing infected files, visiting infected websites, opening dangerous email attachments, downloading software, and torrenting files. Viruses can also spread when someone shares an infected USB drive with someone else.

When comparing viruses and malware, it’s important to know that viruses fall under the general category of malware. As a result, viruses have a much more specific meaning than malware. The main difference between ransomware and viruses is that viruses will not demand victims pay to recover their files, nor will they lock victims out of their files. Instead, viruses focus on impacting a device's performance by causing malfunctions and corrupting files.

How Box can help protect your company's data

Box Shield offers automated malware detection, secure links, detailed security alerts, and more

Since malware, viruses, and ransomware can all affect an organization's operations and potentially shut them down, you need to know how to protect your company's data from different types of malware attacks. The Content Cloud gives you the protection you need through the automated malware detection and controls of Box Shield.

Most companies try to stop malware from impacting their systems by quarantining infected files. With this approach, a company replaces the infected file with what’s known as a tombstone file — which is basically a [definition here]. But when one of these infected files contains critical information users need, this approach can result in major disruptions to a company's operations.

Box Shield gives organizations a highly effective alternative solution against malware that doesn’t impact productivity. Our unique preview technology allows users to add a file to Box and share the file with a secure link, rather than as an attachment. With our preview technology, users can click on a secure link to safely view a questionable file.

Automated controls in Box Shield also help   to enable secure work. When Box identifies that a file contains malware, it automatically marks the file as malicious, restricting local editing and downloads — which stops the malware from spreading to other devices. Even with this restriction, users can preview and edit infected files through the Box online platform, and a malware notification will alert them to the file's potential danger.

In addition to restricting the file, Box Shield generates a detailed security alert about malware. With this report, your IT and security teams can evaluate danger and take action to neutralize it before any harm occurs. Your alert will include threat intelligence about the type of malware you’re dealing with, the user who uploaded the file, and any file-related activities. 

Like other Box Shield alerts, your team can easily view malware alerts in the Shield dashboard. If your team is not equipped to handle malware threats, Box Shield allows you to easily send the alerts via Box Event APIs to a third-party cloud access security broker (CASB) or security information and event management (SIEM) provider. 

What’s more, Box Shield integrates with your cloud security portfolio, so you get more value from the tools your team already uses. For example, Box Shield alerts and insights can integrate with your CASB and SIEM, giving you a unified view of your security. It's a perfect complement to your existing security portfolio.

Learn more about what Box has to offer

In addition to offering malware protection, Box provides many additional features and services that keep your data secure. With Box security and compliance solutions in your corner, you protect your information with precision and maintain control over your data, access, and users. Box makes everyday processes more convenient and easy to manage by giving you a single, integrated platform for all of your content.

Find out more about what Box Shield can do to improve your security posture. If you have any questions or want to see Box in action, request a free demo or contact us today.

Box protects your information with precise controls over your data, access, and users

**While we maintain our steadfast commitment to offering products and services with best-in-class privacy, security, and compliance, the information provided in this blogpost is not intended to constitute legal advice. We strongly encourage prospective and current customers to perform their own due diligence when assessing compliance with applicable laws.

Free 14-day trial.
No risk.

Box free trial includes native e‑signatures, lets you securely manage, share and access your content from anywhere.

Try for free