If it feels like malware is lurking everywhere these days, that’s because it is. Malicious digital attacks have been on the rise for several years, and the pace of attacks shows no sign of slowing down.
What you might not realize is that not all malware attacks are the same. In fact, there are dozens of different categories of malware, each with its own dangerous impacts. Within these categories, there are thousands of individual malware strains created by different hackers to target different systems.
We’ll take a look at the 10 most common types of malware, which account for the vast majority of attacks on individuals and businesses today.
1. Ransomware
Ransomware is a particularly nasty type of malware that encrypts all the data on your system. The only way to get your data back is to pay a ransom to your attacker.
Ransomware is a big business for cybercriminals. Palo Alto Networks, a cybersecurity firm, reported that the average ransomware payment in 2022, among companies it worked with, was more than $925,000. Many ransomware groups have fully staffed customer service departments to help victims pay their ransom.
Keep in mind there’s no guarantee you’ll get your data back even if you pay the ransom. You’re forced to trust that the cybercriminals who attacked you in the first place will be true to their word.
In addition, some cybercriminal groups have threatened to release victims’ data if they refuse to pay the ransom. This recently happened to the Los Angeles school district, which saw students’ Social Security numbers and health data released after the district refused to pay a ransom.
2. Spyware
Spyware is a type of malware that sends data about your activity back to the attacker. It can be used to monitor your online activity and collect your passwords and payment information.
Attackers can then directly use this information to make fraudulent purchases or access your accounts. For businesses, spyware is especially dangerous because an attacker can use an employee’s password to access other parts of your network.
Attackers can also sell stolen passwords, payment information, and personal information on the dark web. If you’re a victim of identity fraud, it could ultimately trace back to a spyware infection.
3. Trojans
Trojans, named after the mythical Trojan horse, are pieces of malware that are disguised as legitimate software. Often, Trojans are bundled with downloadable apps, email attachments, or even software patches.
Trojans can do a variety of different things. They can be ransomware or spyware, or they can even give an attacker total control over your computer.
Importantly, Trojans don’t self-replicate, meaning they’re not easily spread from computer to computer in a network. However, if an attacker uses a Trojan to steal passwords or take over a computer, the scope of an attack can widen quickly.
4. Worms
Worms are self-replicating pieces of malware that can rapidly spread through a network. Worms are designed to insert themselves into email attachments, replicate onto USB-connected drives, and generally spread as widely as possible.
Once a worm infects a system, it can be used for everything from launching a ransomware attack to stealing passwords and other sensitive data. One of the most well-known worms was the WannaCry ransomware, which spread around the world thanks to a vulnerability in the Windows operating system.
5. Wiper malware
Wiper malware is like ransomware, but without the ransom. It’s designed to encrypt and destroy all data on a hard drive with no hope of recovery. Wiper malware is very nasty stuff and can be used to effectively obliterate a network.
So far, there are relatively few examples of wiper malware being deployed on a large scale. That’s partly because wiper malware has little economic value to cybercriminal gangs.
However, it can be used to cover up hackers’ tracks after an attack. For this reason, wiper malware is used most frequently by state-sponsored hackers or on the heels of a highly targeted spyware attack.
6. Rootkits
Rootkits are pieces of malware that can completely take over a computer without you realizing it. They are typically designed to take over administrative privileges, enabling the malware to access the operating system and suppress any antivirus software that might be running on the computer.
Rootkits can be extremely difficult to get rid of. In the worst cases, they can embed themselves in the kernel of your operating system or even in your computer’s hardware. If that happens, there may be no other choice than to completely rebuild or replace the computer.
7. Adware
Adware is malware that tracks your online activity in order to sell your data to advertisers or to serve you the ads directly. Adware can be very profitable for the attacker, especially if they receive a commission for the ads you’re being served.
While adware might sound innocuous relative to other types of malware, it still presents a major invasion of privacy. If you notice an uptick in the number of pop-up ads you see while browsing the web, there’s a chance that your system may be infected with adware.
8. Keyloggers
Keyloggers record everything you type on your computer or smartphone and send that information back to the attacker. Using your keystrokes, the attacker can steal your passwords and payment information or even read your emails and messages.
Keyloggers are often installed by Trojans, although they can also spread through worms or be packaged with other types of spyware.
9. Fileless malware
Fileless malware is malware that doesn’t install anything on your computer. Instead, it makes minor changes to your operating system’s registry or other critical system files. These changes often go unnoticed because the files themselves are legitimate parts of your operating system.
After fileless malware makes these changes, attackers may be able to more effectively and stealthily take over your computer with a Trojan or attack you with ransomware.
10. Bots
Bot malware is a program that can run on your computer, often in the background, without you knowing anything is happening. Bots are often used to coordinate thousands of computers to connect to a website at the same time as part of a distributed denial-of-service (DDoS) attack.
Bots use up some of your computer’s processing power, making your computer run slower. They also make you an unwitting contributor to a hacker’s other attacks.
How to defend yourself against malware
With so many different types of malware on the loose, it’s important to set up a robust defense for your computer or network. This starts by deploying a secure web gateway (SWG), like Perimeter 81, and a firewall.
An SWG monitors traffic at the level of entire websites to detect suspicious activity and prevent executable malware from being downloaded to your computer. A firewall inspects every data packet a website sends to your computer for known malicious code.
Used together, an SWG and a firewall can protect your computer against the vast majority of attacks. You should also run antivirus software on your computer to deal with any malware that makes it past these initial defenses.
There are many different types of malware lurking in the shadows, waiting for a chance to infect your computer. The best way to defend yourself is to use an SWG, a firewall, and antivirus software. These security tools can dramatically reduce your vulnerability to attack and help keep you safe from malware.
Michael Graw is a freelance journalist and photographer based in Bellingham, Washington. His interests span a wide range from business technology to finance to creative media, with a focus on new technology and emerging trends. Michael's work has been published in TechRadar, Tom's Guide, Business Insider, Fast Company, Salon, and Harvard Business Review.