Malware and best practices for malware removal

Malware means “malicious software.” It is a general name for different code variants developed by cyberattackers to cause deliberate damage to a computer system or network of systems. Here, we take a deep dive into malware to explain the types of malware in 2022, the key steps in the malware removal process and the top seven best practices for protection against malware attacks in 2022.

Individuals and organizations have suffered from malware attacks since the early 1970s, when the first malware was identified and an attack was documented. Since then, several attacks by thousands of different variants of malware have surfaced and affected computer systems around the world. 

According to a recent PurpleSec report, malware attacks have risen steadily over the last ten years, including an 86.38% rise from 2017 to 2018 alone. Amid the global lockdown caused by the COVID-19 pandemic, malware attacks took new forms that mimicked the changes and challenges in people’s lives, and reached unprecedented levels.

As technology advances, attackers devise more ways to infiltrate systems. Today, malware is everywhere you turn, from web pages to emails to software downloads, on computers and mobile devices alike. According to PurpleSec’s recent report, more than 18 million websites are infected with malware in any single week.

The intent behind every piece of malware is to disrupt a system’s operations, gain unauthorized access to a system or network, and then cause disruption that leads to hardware and software damage.

With the increased projections of malware attacks in 2022 and the rise in remote work and technological advancements, it is important to understand all there is to know about malware and how you can stay protected in the face of increased risk.

What is malware?

Malware’s purpose varies and can include damaging computer software or hardware, stealing data for unauthorized use and gaining remote access to a network.

Malware is introduced to a system through various means, usually as a file or link attached to an email that requires a click or download. From that point the user unknowingly executes the malware, allowing it to penetrate the network and go on to deliver a devastating impact on the system.

When malware penetrates a system or network, the type of malware determines the damage and the form of disruption on the device. The wave of cyberattacks in the previous year gives an idea of the kinds of malware to monitor in 2022.

Types of malware in 2022

Different types of malware penetrate systems and networks at any given time, damaging and disrupting functionality and system data. Cyberattackers are constantly evolving their malware code. Here are some types of malware to look out for in 2022.

Ransomware

This is the first type of malware to watch out for in 2022. Ransomware jeopardizes victims’ data by threatening to publish or disable access to a victim’s data unless the victim pays a ransom. Lately, ransomware has proven to be the most dangerous type of malware because it encrypts files for extortion.

Ransomware attacks have become common worldwide, rising by 350% in 2018 with an estimated cost of $6 trillion annually by 2021, earning billions of dollars in payments to hackers and wreaking havoc on businesses’ finances and reputations. 

For example, Kaspersky reports that “WannaCry” ransomware hit some 230,000 computers, generating a loss of $4 billion across 150 countries. Ransomware is frequently designed to propagate over a network as it targets database and file servers, from which it may lock down an entire enterprise’s data.

Viruses

Viruses are the type of malware that has been around the longest. A virus attaches itself to another piece of software, such as a document, then multiplies and propagates once it is installed on a victim’s system. Viruses are well known for damaging data and slowing down system resources, among other harmful capabilities.

A virus reproduces as a biological virus does. When the virus is activated, it spreads to other files and applications on the system, causing destruction.

Worms

A worm is similar to a virus because it spreads copies of itself, but unlike viruses, worms don’t require an infected application to run in order to be active. Worms take advantage of software flaws or employ deception techniques to get into your network, such as enticing users to open an emailed file containing the worm.

Harmful activities of worms include theft of sensitive data, data breaches and file removal. Worms are effective because of their serial multiplication: they slow down systems by clogging space on the system’s hard drive.

Malware bots

Bots, otherwise called internet robots, are useful for executing repetitive tasks on the internet. In recent times, however, they have been used to spread malware and to fully access and take control of a system.

Once a malware bot infects a host, it establishes a connection to a central server, which acts as the control hub for a network of similarly breached systems. Bots replicate aggressively and are an inconspicuous type of malware, staying hidden by imitating regular system file names and processes.

Other capabilities of malware bots in an infected system include:

  • Password collection and storage
  • Keystroke logging
  • Launching DoS attacks
  • Financial information collection
  • Exploitation of vulnerabilities opened by other types of malware
  • Spam relaying

Keyloggers 

Keyloggers are a type of malware that individuals and organizations should be wary of in 2022, not least because organizations themselves use them to track employees, especially in remote work. A keylogger records keystrokes and system activity to steal sensitive data and passwords.

A report by Check Point tagged Snake Keylogger, a malware family discovered in 2020, as having entered the top bracket of most dangerous malware. The report states that the keylogger has been spreading fast via phishing emails with different themes across all countries and business sectors.

Trojans 

Trojans disguise themselves as attractive software and convince people to download them. Free games, helpful programs, crucial-looking email attachments and even antivirus software are all impersonated by Trojans.

Trojans are a hostile hacker’s advance guard: once downloaded, they offer thieves a way into your system. They don’t reproduce themselves; instead, they depend on unwary people to propagate the malware.

A recent report by Kaspersky showed that in Q3 2021, 6,157 Trojan installation packages were detected, an increase of 2,534 over Q2 2021 and 635 more than in Q3 2020.

Malware removal process: 7 key steps

Removing a malware infection once a system has been compromised can be an arduous task. It is important to begin removal promptly, because further destruction and disruption can occur if removal is put off. Here are seven key steps in a malware removal process:

1. Quarantine the system

Once a malware infection is suspected or confirmed, isolate the system as soon as possible. If the system is on a network, unplug the network cables or disconnect the wireless link to break communication with other computers on the network. In short, disconnect from the internet and stay offline.

Also quarantine removable media, such as USB drives, connected to the system; you shouldn’t risk transmitting malware to other systems through an external drive. Quarantine breaks the system’s connection to the cybercriminal, preventing further data transmission.

2. Activate safe mode

Safe mode starts the computer in a way that runs checks and loads only essential software and applications. If the malware is configured to load automatically at startup, it will be unable to do so, making it easier to delete.

While following the procedure to activate safe mode, avoid typing passwords: keylogger features of some malware could be running undetected to capture keystrokes. Once a system is infected, refrain from accessing sensitive accounts.

3. Check for and close malicious applications

With the help of your activity monitor (or Task Manager on Windows), which displays the processes currently running on your computer, you can close updates or programs that you suspect are malicious. You can also observe and control how they affect the performance of your system.

Malware consumes the system’s resources quickly, so look out for the programs that are working the hardest and close them with your activity monitor. Before cleaning the system, disable System Restore so that no restore point containing infected data is created.

You can also delete temporary files to dispose of some malware; this will also speed up scanning for malware. If you use a Windows 10 computer, search for and run the “Disk Clean-up” application.

4. Download and run a malware scan

Even if you currently have an anti-malware program installed on your computer, you should run this malware check with a separate scanner, because your existing software may not have identified the infection.

After downloading an on-demand scanner from a reputable source, install and run security software to protect against existing and future malware, such as ransomware and viruses.

5. Run further scans and updates

While updating your anti-malware and antivirus software, run additional scans. If the type of malware has been identified, use a particular anti-malware tool that can remove that type and continue with thorough scans. To be sure the malware has been eliminated, scan the system with multiple types of anti-malware.

6. Restore the system without copying corrupted files

Restore the system from a restore point, manually selecting a point at which you are confident the system was performing well.

7. Educate systems users

For organizations on a network, educating system users about malware and the risks to data can be done through in-person training and by raising awareness with signage and posters. Ensure the posters are placed in conspicuous areas frequently used by employees.

It is important to be aware of the latest trends in cybersecurity. Staying updated on the latest malware and cyberattack strategies will forestall future attacks. Occasional drills of the malware removal process are another way of educating system users.
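As an added example that is not from the original article, the following PowerShell script automates steps 1 through 5 above on a Windows 10 host. It assumes Windows PowerShell 5.1, the built-in Microsoft Defender cmdlets and an assumed log directory, and must be run as Administrator.

```powershell
# Added example, not from the original article: automates steps 1-5 of the removal
# process on a Windows 10 host. Assumes Windows PowerShell 5.1 (Disable-ComputerRestore
# is not available in PowerShell 7) and the built-in Microsoft Defender cmdlets.
#Requires -RunAsAdministrator

# Assumed log location; the transcript preserves what the triage found for later review.
$TriageLog = "C:\IR\malware-triage-$(Get-Date -Format 'yyyyMMdd-HHmmss').txt"
New-Item -ItemType Directory -Path (Split-Path $TriageLog) -Force | Out-Null
Start-Transcript -Path $TriageLog

# Step 1: quarantine. Disabling every active adapter cuts the host off from the rest of
# the network and from the attacker's server, so no further data can leave the machine.
Get-NetAdapter | Where-Object Status -eq 'Up' |
    ForEach-Object { Disable-NetAdapter -Name $_.Name -Confirm:$false }
# Quarantine removable media: stop the USB mass-storage driver from mounting new devices
# (Start = 4 means "disabled"). Unplug and label any drive that is already attached.
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR' -Name Start -Value 4

# Step 2: make the next boot a minimal Safe Mode boot so auto-starting malware is not
# loaded. --% stops PowerShell from parsing the braces. Undo after cleanup with
# "bcdedit /deletevalue {current} safeboot".
bcdedit --% /set {current} safeboot minimal

# Step 3: record the busiest processes with their image paths for review. Malware tends
# to consume resources heavily; review this list before terminating anything, because
# killing a legitimate process blindly can cause more disruption than the infection.
Get-Process | Sort-Object CPU -Descending |
    Select-Object -Property Name, Id, CPU, WorkingSet64, Path -First 15 |
    Format-Table -AutoSize

# Disable System Restore on the system drive so no restore point captures infected files,
# then delete temporary files, which removes some malware and shortens the scan.
Disable-ComputerRestore -Drive 'C:\'
Remove-Item -Path "$env:TEMP\*", "$env:SystemRoot\Temp\*" -Recurse -Force `
    -ErrorAction SilentlyContinue

# Steps 4-5: run a full scan and list every detection. The host is now offline, so
# signature updates must be applied before isolation or from an offline package.
Start-MpScan -ScanType FullScan
Get-MpThreatDetection |
    Select-Object -Property ThreatID, ProcessName, InitialDetectionTime, Resources |
    Format-Table -AutoSize

Stop-Transcript
```

Reconnect the host only after repeated scans come back clean, then re-enable the adapters, System Restore and USB storage (Start = 3) once the system is verified.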

Top 7 best practices for protection against malware attacks

With malware threats surging in the previous year and the implications for individuals and organizations, projections are that both will be up against more malware-enabled vulnerabilities and cyberattacks in 2022.

As dependence on technology increases, it is important to incorporate some practices that could help individuals and corporations. Below are the seven best practices that can guarantee protection against malware attacks:

1. Gaining cybersecurity knowledge and staying updated on the latest threats

As cybercriminals keep advancing in the creation of malicious software, it is imperative to stay up to date on the latest malware and arm yourself against it. Knowledge of the latest and most prevalent malware threats helps you identify the new strategies that cyberattackers use.

A study by the security firm Tessian showed that 88% of cybersecurity incidents are due to mistakes made by employees or users. Such mistakes are far more likely if you are not keeping up to date on the signs of malware infection. Up-to-date knowledge of those signs improves your organization’s productivity: you will have fewer disruptions and a better reputation.

2. Update systems regularly

Keeping programs and software frequently updated protects against malware attacks. 

For example, the Equifax cyberattack of 2017, in which millions of customers’ data were exfiltrated, could have been prevented had the company updated its software to address known vulnerabilities. Anti-malware software likewise needs constant updates to keep up with malware as it advances.

Updates tighten security vulnerabilities, provide new features and improve existing ones, ensuring system stability. To stay protected from malware attacks, regular system updates must become standard best practice.

3. Incorporate artificial intelligence (AI) in protection against malware attacks

As technology evolves and incorporates more artificial intelligence (AI), cyberattackers are also building sophisticated malware that is hard to monitor through human effort alone. Combining AI tools with traditional malware protection procedures can provide better results.

“Artificial intelligence cannot automatically detect and resolve every potential malware or cyber threat incident, but when it combines the modeling of both bad and good behavior, it can be a successful and powerful weapon against even the most advanced malware,” said Giovanni Vigna, a University of California professor.

Organizations must include AI in their cybersecurity toolset, just as attackers use machine learning and deep learning tools. To automate threat defense, you can adopt predictive intelligence systems that integrate machine learning and large-scale data analytics.

4. Tighten protection and security

Identity theft is one reason cyberattackers create malware. The Insurance Information Institute reported a 68% increase in identity theft in the US in the past year compared to 2020. This shows how little stands between malware and your data on the internet, and that passwords alone are no longer sufficient security.

Multifactor authentication (MFA) must be on the list of best practices to protect against malware attacks. MFA means that you need more than one authentication factor to gain access to an account or a device. For instance, to unlock your phone, you need to enter a password and scan your fingerprint. Indeed, cyber insurance providers increasingly require businesses to use MFA.

MFA draws on three kinds of factor: something you know, something you have and something you are. A PIN or the answer to a security question (something you know), a code from an authentication app (something you have) and a fingerprint (something you are) are examples of each. Traditional passwords alone do not give the same level of protection as this additional layer of authentication.

5. Use a secured network

It is advisable to use a network with strong security, especially when browsing on public networks; if you use a virtual private network (VPN), ensure it uses strong encryption. Your home network should be encrypted with WPA or WPA2. Avoid sharing your service set identifier (SSID), which is your network’s name, even with trusted guests. This reduces the risk of information being intercepted when sent over your network.

For your organization’s network, start with an audit of every device that can connect to it, for endpoint security. Then identify and remedy any vulnerabilities. This should include practices such as automated software updates for remote devices and building a zero-trust network.

6. Steer clear of suspicious links

Emails and messaging tools are ways malware finds access to your devices. Cybercriminals fake messages from reputable websites that redirect you to fake sites where you’d be asked to provide your details or other sensitive information.

According to Cisco’s recent report, phishing attacks are at a record high and are now targeting organizations. With social engineering, phishing attacks have become more sophisticated. Certain malware, such as keyloggers, can stay dormant for a long period before being used in an attack, making it harder to trace the source of the attack.

Strange links in emails or web browsers are almost always Trojan horses. Malicious code can even be embedded in a website, redirecting visitors to a secondary site where malware is downloaded to their devices.

Avoid any link you are not sure of. Sometimes these messages come with attachments and clickbait urging you to download them. Avoid such clickbait, as these attachments could be malware. If it looks suspicious, do not click on it.

7. Firewall installation and data backup 

This might sound stale, but firewalls and data backups must be among your best practices. Having effective anti-malware is important, and you should look out for certain specifications when installing anti-malware on your PC.

Those specifications include the ability to scan new downloads and files introduced to your computer, prominent notifications or warnings, and the ability to detect the sophisticated malware that tends to hide on computers. Organizations must invest in sophisticated firewalls that can defend against the spyware and malware targeting their industry.

It’s vital to have a copy of your data on secondary media in case the source data is lost or corrupted. This could be an external drive or USB stick, or something more complex, such as a disk storage system or specialized cloud storage.

A backup is the safest guarantee against a variety of issues, ranging from data loss or corruption due to human error or program failure to cyberattacks.

The ongoing malware fight

Cybercriminals will continue to use different and novel variants of malware to breach system processes and programs and steal sensitive data for nefarious purposes. Individuals and organizations should look out for ransomware, Trojans, bots and virus infections, as cybercriminals will use these to exploit vulnerabilities.

If a system does get infected by malware, you should quarantine the system, start the computer in safe mode, scan it, and use an efficient and trusted anti-malware program to remove the malware. User education and knowledge of cybersecurity can also help prevent subsequent malware attacks.

You should also avoid clicking on suspicious links and keep systems and programs updated. The use of a secured network, improved security and authentication, and the use of a firewall and data backups are other best practices to adopt to forestall malware attacks.

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn more about membership.