Spotting and Protecting Against Malware: Trojans and Ransomware

June 5, 2020

1:00-2:00AM PST

Devices and technology have rapidly evolved over the past several years. Unfortunately, this evolution has also created more opportunities for numerous forms of malware. Malware, or malicious software, is a piece of software created for the purpose of device impairment, data theft, and overall network upheaval. Coming in many shapes and sizes, and varying greatly in threat level, malware often serves as a tool for hackers hoping to achieve economic gains -- by either disseminating it themselves or selling it at a hefty cost on the Dark Web. But monetary gain is far from the only goal of malware; protests, security tests, or the instigation of war between governments are additional motives for malware usage. Two types of malware in particular -- trojans and ransomware -- have recently experienced a spike in popularity within the hacking community. Understanding how each of these types of malware functions, as well as the ways in which they can work together to cause severe damage, will help users to avoid disastrous encounters with them.

What is a Trojan?

A trojan, more formally referred to as a trojan horse, is a type of malicious software or code that appears legitimate and well-founded but can result in a user’s total loss of control over their device or network. Trojans are especially dangerous, as they are typically devised to disrupt, damage, or steal a user’s data, or to impair a user’s network. And “unlike viruses and worms, Trojans do not reproduce by infecting other files nor do they self-replicate.” To put it simply, trojans disguise themselves as genuine files and/or applications in order to dupe users into loading and executing the malware on their devices. Once a user installs a trojan on their device, it is able to perform the functions it was designed for.

A user is critical to the success of a trojan. Without a user or host’s execution of a trojan, it is entirely useless. However, once a user executes a trojan -- opening and downloading what they have so innocently assumed to be a legitimate attachment or file, often from a sender impersonating someone the user knows -- the consequently installed malware can spread to other files, wreaking untold havoc on the device. 
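Because a trojan depends on the user trusting what an attachment claims to be, a mail filter or help desk can compare an attachment's name with its actual content before anyone opens it. The following is an added example, not part of the original article or any vendor's product; the extension lists, magic-byte table, function names, and sample attachments are all constructed for illustration.

```python
import os

# Assumed policy lists (illustrative, not exhaustive).
RISKY_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1"}
DOC_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}
NATIVE_EXE_EXT = {".exe", ".scr", ".com", ".dll"}

# Leading bytes ("magic numbers") of a few common formats.
MAGIC = {b"MZ": "pe-executable", b"%PDF": "pdf", b"PK\x03\x04": "zip/ooxml",
         b"\x89PNG": "png", b"\xff\xd8\xff": "jpeg"}
# What each document extension is expected to contain.
EXPECTED = {".pdf": "pdf", ".docx": "zip/ooxml", ".xlsx": "zip/ooxml",
            ".png": "png", ".jpg": "jpeg"}


def sniff(data: bytes) -> str:
    """Identify content by its first bytes, ignoring the file name."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def check_attachment(filename: str, data: bytes) -> list:
    """Return reasons an attachment's name does not match what it is."""
    findings = []
    stem, ext = os.path.splitext(filename.strip().lower())
    inner_ext = os.path.splitext(stem)[1]
    # "invoice.pdf.exe": a document-looking name that ends in a program type.
    if ext in RISKY_EXT and inner_ext in DOC_EXT:
        findings.append("double-extension")
    kind = sniff(data)
    if kind == "pe-executable" and ext not in NATIVE_EXE_EXT:
        findings.append("executable-content-under-non-executable-name")
    elif ext in EXPECTED and kind != EXPECTED[ext]:
        findings.append("content-does-not-match-extension")
    return findings


# Constructed sample attachments: (file name, first bytes of the file).
SAMPLES = [
    ("invoice.pdf.exe", b"MZ\x90\x00"),
    ("report.pdf", b"%PDF-1.7\n"),
    ("photo.jpg", b"MZ\x90\x00"),
    ("budget.xlsx", b"<html><body>"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(f"{name:18} {check_attachment(name, head) or 'ok'}")
```

A clean result here only means the name and content agree; it does not show the file is safe, so this check complements rather than replaces security software.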

The following are some of the most prevalent types of trojans that a user may encounter:

  • A Backdoor Trojan has the ability to produce a “backdoor” to a user’s device, providing attackers with access and control of the device. This type of trojan can enable hackers to download and steal valuable user data, as well as provide an opportunity for additional malware to be uploaded to the device.
  • A Downloader Trojan targets already-infected devices, downloading and installing new, updated versions of malicious software.
  • An Infostealer Trojan seeks to steal precious data from a device plagued with malware.
  • A Mailfinder Trojan aims to steal any or all email addresses that have been amassed on a device.

What is Ransomware?

Ransomware is an additional type of malicious software, designed with the goal of locking and encrypting user data located on a device. This data is only returned to its rightful owner following the payout of a ransom to the attacker. In some cases, users are given a strict deadline by which they must pay a cybercriminal, and failure to do so has the potential to result in the permanent loss of their data. But even giving in to the attacker's demands might not guarantee restored access, as many who deploy ransomware are actually cyberthieves. Ransomware keeps users from their personal files and data -- eliminating access to a user’s photos, documents, and even financial information. While these files still live on the user’s device, the ransomware has encrypted the data, rendering it entirely unusable.

Regaining access to one’s data following a ransomware attack is far from simple. For this reason, it is crucial to be aware of the various forms of ransomware, as well as how to most successfully approach them. The following are some of the most common and typical variations of ransomware:

  • Crypto malware is especially disastrous, encrypting a user’s folders, files, documents, and hard-drives. 
  • Scareware takes the form of fake software that pretends to be a cleaning tool or anti-virus program. This ransomware typically demands a payout in exchange for fixing nonexistent problems plaguing one’s device. Scareware often has the ability to lock one’s device or flood it with an onslaught of pop-ups.
  • Lockers are a form of ransomware that often plague Android users’ operating systems, locking them out and ultimately preventing access to any files or applications on the device.
  • Doxware, otherwise known as extortion-ware or leak-ware, threatens to publish sensitive, valuable, and previously private information onto the Internet if a ransom is not paid.

 

It is imperative to note that paying ransoms has the potential to lead users down a slippery slope. Payouts may not guarantee the return of your data, and cybercriminals may even require additional payouts -- extorting users to no end -- all while users never regain access to their valuable data, files, photos, documents, etc.

Avoiding Trojans, Ransomware, and Hybrids of Both

As user data grows increasingly sensitive, a large percentage of users will remain willing to pay out ransoms. Consequently, combining multiple forms of malware so that they can perform more functions is growing in popularity. According to Lindsey O’Donnell at ThreatList, “ransomware trojan-based infections jutted up from 9 percent in the fourth quarter of 2018 to 24 percent in the first quarter of 2019.” For example, commonly utilized banking trojans have empowered hackers to more rapidly deploy ransomware. As a result, pinpointing the exact strain of malware has become increasingly difficult, but doing so is also more crucial than ever when addressing device or network infections. Exhibiting care when dealing with email attachments, regularly backing up files on an external hard drive, consistently changing passwords, keeping software as up to date as possible, installing and deploying firewalls, utilizing security software, and taking advantage of services provided by “the cloud” are all actions that users can take to ensure the security of their data.

Utilizing an email encryption service like Trustifi that empowers users with the tools and protection necessary to avoid malware, like trojans and ransomware, is strongly advised. Trustifi’s advanced threat protection services serve to detect, prevent, protect clients against. With the support of our highly skilled and experienced team, users are provided with consistent alerts of any cybersecurity threats or malicious actors that may plague their device or network.

References

“Cisco Security Threat and Vulnerability Intelligence.” What Is the Difference: Viruses, Worms, Trojans, and Bots?, 10 Nov. 2014, tools.cisco.com/security/center/resources/virus_differences.

O'Donnell, Lindsey. “ThreatList: Ransomware Trojans Picking Up Steam in 2019.” Threatpost, 14 June 2019, threatpost.com/threatlist-ransomware-trojans-picking-up-steam-in-2019/145718/.
