What are the most dangerous types of malware and how to defend yourself

From rootkits to ransomware, by way of persistent malware: several families of viruses attack our computers

Malware is a word that has lately aroused a lot of fear. It refers to malicious programs that target any computer system, created for different purposes: to destroy or block a device and, in most cases, to steal victims’ personal data. But they are not all the same.

In fact, there are different families of malware. Some are more dangerous for the device, while others are more dangerous for users’ confidential information. Each type of malicious software also tends to use a different modus operandi. Some may be contained in an email or an attachment, or within programs that the system thinks are safe. Others exploit vulnerabilities in software – which is why it’s important to download updates – to infect computers and mobile devices (chiefly the always-connected objects of the Internet of Things). But which malware is the most feared?

Ransomware

Undoubtedly one of the most dangerous, and one that doesn’t let companies and institutions sleep soundly, is ransomware (the most sensational example is WannaCry). Its way of striking is really devious. If it manages to infect a machine, it first encrypts the data on the hard drives and then demands a ransom in return. The chances of recovering the files “hidden” by the virus are slim. So victims often capitulate and pay the money demanded by the hackers in order to regain possession of the information made inaccessible by the ransomware. This solution, as experts warn, does not ensure data recovery.

Rootkit

A rootkit is malware that is difficult to detect and aims to gain control over the machine by appropriating administrator privileges. The main feature of this malicious program is its ability to hide from antivirus software (it is often inserted into trusted programs). Discovering it is sometimes almost impossible, and many victims do not realize they have been infected. It is also very difficult to remove completely from the affected computer or device, and in most cases the only way to get rid of it is to format the machine.

Persistent malware

As the name suggests, persistent malware is a type of malicious program that never disappears completely, even after it is removed. Its main characteristic is that it leaves other viruses around the infected machine, ready to continue attacking. Normally, after it is detected and deleted by the antivirus, one of the traces the malware has spread across the computer directs the victim’s Internet traffic to malicious pages that download more viruses. Moreover, persistent malware is very difficult to detect.

Firmware malware

This kind of malware is very harmful because it wedges itself into hardware components, such as hard drives or the BIOS, and leaves no way out: the only way to recover the functionality of the affected machines is to replace the malware-infected parts. The virus attacks firmware – that is, the programs that are used to start the hardware elements of a device – which makes its detection by antivirus very difficult.

How to defend yourself

The main weapon is prevention. Malware is unlikely to strike without the unwitting cooperation of users: a suspicious email, for example, may contain a malicious link. It is always good to ignore messages coming from untrusted sources, and it is inadvisable to download programs from unofficial sites. As we have seen, it is also important to keep your operating systems up to date and to equip yourself with a good antivirus.