What exactly is malware?


What does Malware mean?

Malware, short for malicious software, is a piece of code considered to be annoying or harmful that tries to infect a computer, phone or tablet. Hackers use malware for a variety of illegal purposes, most of which involve stealing the passwords that can gain access to your money or intellectual property, extracting sensitive information, or preventing users from having access to their device.

What is Malware

In terms of variety, malware is actually an umbrella term used to consolidate a range of malicious software. Malware can be installed by opening infected documents (such as .pdf files, or Word or Excel documents carrying malicious macros, for example).
Below are a few examples of the most common types of malware, followed by some information on what exactly they are and how they affect your device.



Source: androidbeat.com

A computer virus is a piece of code that is installed onto your computer without your knowledge or permission. Some viruses are merely annoying, but most viruses tend to be destructive and are designed to infiltrate, infect and gain control over the system. A virus can spread across computers and connected networks by making copies of itself, replicating how a biological virus passes from person to person, infecting on the go.



Source: ltrepair.net

Spyware is a type of malware that collects a variety of information about you and your computer system. This information could be your internet browsing history, computer usage habits, or even personal information such as credit card numbers and account details, including passwords. All the gathered information is then often passed through the internet to third parties without you knowing.



Source: cybersec.net

Ransomware is a type of malware that prevents or limits users from accessing their system, either by locking the system’s screen or by encrypting the users’ files with a key that you don’t have until a ransom is paid. In recent years, ransomware has evolved and produced a new variant within its family, collectively known as crypto-ransomware. This new strain encrypts certain file types on infected systems and only allows users to recover their files with a decryption key, which requires payment of the ransom through online payment methods.

A recent article on ‘ransomware as a service’ was published, as growth in this area is currently rocketing. Check out the blog post here.

How to protect your devices?

Most modern anti-malware products (free or paid for) will provide a sufficient level of protection against viruses and malware in general, but they need to be installed and running to be effective.

Spyware and ransomware are often installed without your knowledge after clicking on links (in either phishing emails or poisoned adverts on websites), so if you remain savvy as to what a phishing email looks like and check the target address of links before clicking, you are already protecting yourself.
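Checking a link’s real target before clicking is something a script can do for a whole message at once. The following is an added example (not code from the original post): it pulls every link out of an HTML email body and flags those whose visible text names one website while the underlying href points somewhere else. The email snippet and the hostnames in it are constructed sample data, not real sites.

```python
"""Flag links whose visible text shows one host while the href goes to another.

Added example, not from the original post. SAMPLE_EMAIL is a constructed
phishing-style message; every hostname in it is a placeholder.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


class LinkCollector(HTMLParser):
    """Collects (visible text, href) pairs from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def host_of(value):
    """Lowercase hostname of a URL or bare domain ('' if there is none)."""
    value = value.strip()
    if "://" not in value:
        value = "http://" + value  # urlparse needs a scheme to see a host
    return (urlparse(value).hostname or "").lower()


def suspicious_links(html):
    """Return (text, href) pairs where the text looks like a URL but names a
    different host than the href actually points to.

    Text such as "Click here" is not URL-like, so it is not compared; the
    caller still gets the real target from the collected links if needed.
    """
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        shown = host_of(text) if ("." in text and " " not in text) else ""
        actual = host_of(href)
        # A subdomain of the displayed host (mybank.example -> www.mybank.example) is fine.
        if shown and actual and shown != actual and not actual.endswith("." + shown):
            findings.append((text, href))
    return findings


# Constructed sample: one deceptive link, one honest link, one unverifiable one.
SAMPLE_EMAIL = """
<p>Your account has been locked. Please verify your details.</p>
<a href="http://login.mybank-secure.example/reset">www.mybank.example/account</a>
<a href="https://www.mybank.example/help">www.mybank.example/help</a>
<a href="http://tracking.ads.example/x">Click here</a>
"""

if __name__ == "__main__":
    for text, href in suspicious_links(SAMPLE_EMAIL):
        print(f"display text says {text!r} but link goes to {href}")
```

The heuristic only catches the display-text mismatch described above; a link that simply reads “Click here” has nothing to compare, which is exactly why the advice is to look at the real address rather than the wording.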

Further information on how to protect your data is available on the Information Security site (http://blogs.plymouth.ac.uk/infosec/home/infosec-week/day-5/how-to-protect-your-data/).

Information Security Week

Monday 31st October through to Friday 4th November is the first Information Security Awareness week at Plymouth University.

The Enterprise Security team have been busy preparing materials focussing on a series of topics that can affect everyone and their use of technology. It also provides guidance on how to protect both your personal and work based information.

The team will be available to answer questions in the Roland Levinsky Building between 1pm and 2pm on Monday, Tuesday and Friday, and in the Library between 1pm and 2pm on Wednesday and Thursday.

The dedicated site is at the following location: Information Security

Hopefully you will find something useful in the content and if you have any questions, come along and ask them in person.

Priorities for Enterprise Architecture 2016

Following on from my post earlier this year the Plymouth University Enterprise Architecture roadmap has been updated and shown below.

Although some good progress has been made over the past twelve months in networking and collaborative working including email, the focus of our priorities this year must remain around getting our house in order and migrating our services to the “cloud”.

We must build on the good work already delivered and provide enhancements across the board. Security must remain a priority: web and mail filtering, monitoring and logging, and identity, authentication and authorisation are all key to continued forward momentum. The other area in need of attention is specific work surrounding data, including where it flows, how it is transformed and the efficiencies therein; ideally this is precursory work to lay the foundations for an Enterprise Service Bus that will underpin business operations and meet the aspirations and goals of many organisational units. This will greatly simplify our drive to deliver all of our services from cloud infrastructure, whether that be Infrastructure, Platform or Software as a Service.

The full EA priorities roadmap document can be found here in our document library.

Enterprise Architecture Priorities 2016


Ransomware as a Service

For decades, cyber criminals have been developing malware with the main purpose of extorting money out of people and organisations. The latest development within this fast-growing scene is the arrival of ransomware as a service, or abbreviated as RaaS.


Before we get into the subject topic, let’s take a step back and look at what ransomware actually is. In a nutshell, ransomware is a virus that infects a computer system once its code is executed. The most common method is when the user clicks on what may seem like a legitimate link, but which initiates the download of a malicious file. Once the file is executed, the malware covertly installs and performs an encryption process on the user’s files. Upon completion the user is informed that the only way to retrieve their files is to pay (the ransom) for the decryption key. The target for ransomware can range from Word documents and picture files, to the MFT (Master File Table) or even the entire hard drive. The ransom payments typically start at around $300 and the threshold depends on the individual victim, sometimes with a limited time before the price is raised or before the chance to pay is withdrawn completely.

Ransomware has been around since the early 90s, but only in recent years has it started to come to people’s attention. In late 2013, a variant of ransomware named CryptoLocker stormed the internet, procuring much more than $27 million from infected users (Bitdefender, 2014). CryptoLocker was one of the first major ransomware families to adopt the use of the Bitcoin digital currency platform to collect ransom money, which added to the difficulty in tracking the cyber criminals operating the malware.

One of the highest grossing and most sophisticated ransomware variants to date, CryptoWall, has brought in a staggering $325 million in profits for the groups deploying it (Vijayan, 2015).




In recent months, a new variant of ransomware has been designed for the less technically able, made extremely user-friendly to the point that anyone with little knowledge could obtain and deploy it to make a profit. This is known as Ransomware-as-a-Service (RaaS). RaaS works by creating and launching a campaign that advertises positions in the campaign, known as agents: you sign up, enter a handful of details and download a customised edition of the ransomware that is linked to your agent account. All the agent then has to do is start infecting other computer systems and wait for the affected end users to pay the ransom to retrieve their information.

By making software that is free and easy for others to deploy, the creator of an RaaS platform can hope to land a cut of ransoms from a large number of infections spread by many agents. Those agents, with little investment of skill, time, or money, stand only to gain from their big percentage of ransoms paid.

One of the more recent RaaS variants, named Shark, was seen in early August and targets an even less tech-savvy base of distributors, as this strain brings FUD (Fully Undetectable) polymorphic encryption to the malicious file, giving it a much higher execution rate compared to other variants that require the distributor to deal with the file encryption themselves. Typically, RaaS operations use the anonymous Tor network to host their files, mostly because it is perceived to offer anonymity. These online networks are more private and secure, but are not readily available to the more casual internet user, as they require custom software and a small amount of know-how to access. However, Shark adopted a different approach: it was instead hosted on a public WordPress site that was accessible to the internet at large, massively extending its audience and resulting in a much higher level of agent activity for the service. With both these additions, Shark has set a dangerous milestone for RaaS that others will be sure to follow.

All in all, it’s a win-win for both the skilled hackers and their script kiddie agents.


How to protect yourself


After having discussed what ransomware is and what disastrous effects it can deliver, let’s finish off with a discussion on how best to protect yourself from such a threat. Let’s start with the actual computer system. Having some form of anti-virus security software installed is a must; this will safeguard your computer against malicious files being executed on the system. However, this is only effective if the virus signature database for the security software is kept up to date regularly, ideally at least daily. With in excess of a million new malware variants being developed and deployed on the internet every day (Trend Micro, 2016), having a set of old virus signatures is almost as bad as having no protection at all.

This concept also applies to all the software on your system, including the operating system, the browser and all of the plug-ins that modern browsers typically use. One of the most common infection vectors is a malicious exploit that leverages a software vulnerability. Keeping software up to date helps minimise the likelihood that your system has an exposed vulnerability on it.

A new and fast-growing development to counter the ransomware threat is a class of software utility known as anti-ransomware. Anti-ransomware monitors activity on the computer, identifies actions that are typical of ransomware behaviour, blocks the infection and quarantines the ransomware before it has a chance to encrypt users’ files. Malwarebytes have released an anti-ransomware software package, a completely proactive and signature-less technology that is able to detect and block even the most dangerous variants of ransomware, such as CryptoLocker, CryptoWall4 and CTB-Locker.
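To make “actions typical of ransomware activity” concrete, here is an added example (not from the original post, and not the detection logic of Malwarebytes or any other named product) of one such behavioural heuristic: a burst of file rewrites that both change the file’s extension and leave behind high-entropy content, which is the footprint bulk encryption leaves on a disk. The thresholds and the stream of file-write events are constructed for illustration.

```python
"""Behaviour-based ransomware heuristic over a stream of file-write events.

Added example, not from the original post and not any product's real logic.
It raises an alert when BURST_COUNT writes within BURST_WINDOW seconds each
rename a file to a new extension and fill it with high-entropy data.
EVENTS below is constructed sample data.
"""
import math
import os
from collections import deque

ENTROPY_THRESHOLD = 7.0  # bits per byte; encrypted data sits near 8.0, plain text near 4-5
BURST_COUNT = 5          # this many suspicious writes ...
BURST_WINDOW = 10.0      # ... within this many seconds raises an alert


def shannon_entropy(data):
    """Shannon entropy of a byte string, in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def is_suspicious_write(old_path, new_path, data):
    """A write is suspicious when the extension changes and the new content is high-entropy."""
    ext_changed = os.path.splitext(old_path)[1] != os.path.splitext(new_path)[1]
    return ext_changed and shannon_entropy(data) >= ENTROPY_THRESHOLD


class RansomwareHeuristic:
    """Sliding-window counter of suspicious writes."""

    def __init__(self):
        self.recent = deque()  # timestamps of suspicious writes still inside the window

    def observe(self, t, old_path, new_path, data):
        """Feed one event; return True if this event completes a burst."""
        if not is_suspicious_write(old_path, new_path, data):
            return False
        self.recent.append(t)
        while t - self.recent[0] > BURST_WINDOW:  # drop writes that fell out of the window
            self.recent.popleft()
        return len(self.recent) >= BURST_COUNT


def first_alert(events):
    """Run the heuristic over (t, old_path, new_path, data) events.

    Returns the timestamp of the first alert, or None if no burst was seen.
    """
    heuristic = RansomwareHeuristic()
    for t, old, new, data in events:
        if heuristic.observe(t, old, new, data):
            return t
    return None


# Constructed sample: three ordinary document saves, then a bulk-encryption burst.
TEXT = b"Quarterly figures, draft three. " * 128               # low entropy, same extension
CIPHERTEXT = bytes((i * 131 + 7) % 256 for i in range(4096))     # each byte value 16 times: 8.0 bits
EVENTS = (
    [(float(t), "report.docx", "report.docx", TEXT) for t in range(3)]
    + [(100.0 + i, f"file{i}.docx", f"file{i}.docx.locked", CIPHERTEXT) for i in range(6)]
)

if __name__ == "__main__":
    t = first_alert(EVENTS)
    print("no alert" if t is None else f"ransomware-like burst detected at t={t}")
```

Real products combine several such signals (decoy files, process lineage, volume of reads versus writes) and act on them by suspending the offending process; the point of the example is that the encryption itself, not a known signature, is what gets detected, which is why this approach still works on a brand-new variant.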

Another popular route used to deliver malicious material is via email platforms. Having a spam filter system in place with its blacklist database constantly up-to-date will eliminate a vast majority of harmful emails that would flood your inbox and greatly help towards the prevention of infection.

The next technique doesn’t so much aid the prevention of an infection, but is aimed more at the protection and recovery of your files in the event that an infection encrypts them. A bulletproof method to protect against losing your files is to perform regular back-ups to an isolated device. Doing regular back-ups to an external device such as a USB external hard drive can be both effortless and effective in the protection and recovery of your files. This is especially aimed at sensitive files and files of high importance. If your files are backed up straight away, or even on a daily basis, onto an external device, unplugging that device from the computer stores the files in isolation and protects them (until plugged back in) against encryption by ransomware.
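A backup is only as good as your ability to trust it, and a drive that was still plugged in when ransomware ran may itself hold encrypted copies. The following added example (not code from the original post) copies a folder to a backup location and stores a SHA-256 manifest beside it, so the backup can be verified before it is relied upon; the demo scenario builds its folders in a temporary directory and then overwrites one backed-up file with junk to show how a silently damaged copy is reported.

```python
"""Back up a folder with a SHA-256 manifest so the copy can be verified later.

Added example, not from the original post. demo() builds a constructed
source folder in a temporary directory; in real use point backup() and
verify() at your documents folder and the external drive.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST_NAME = "manifest.sha256.json"


def sha256_file(path):
    """SHA-256 hex digest of a file, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map every file under root (relative, '/'-separated path) to its SHA-256."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.name != MANIFEST_NAME
    }


def backup(source, backup_dir):
    """Copy source into backup_dir and store the manifest alongside the copy."""
    shutil.copytree(source, backup_dir, dirs_exist_ok=True)
    manifest = build_manifest(backup_dir)
    with open(Path(backup_dir) / MANIFEST_NAME, "w") as f:
        json.dump(manifest, f, indent=2, sort_keys=True)
    return manifest


def verify(backup_dir):
    """Return files whose current hash differs from the manifest, plus any added or missing."""
    with open(Path(backup_dir) / MANIFEST_NAME) as f:
        expected = json.load(f)
    actual = build_manifest(backup_dir)
    return sorted(p for p in set(expected) | set(actual) if expected.get(p) != actual.get(p))


def demo():
    """Constructed scenario: a clean backup verifies, then one backed-up file is
    overwritten with junk (as encryption of a still-connected drive would do).
    Returns (problems before tampering, problems after tampering)."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "documents"
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "notes.txt").write_text("quarterly figures, draft three\n")
        (src / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0 constructed sample bytes")
        dst = Path(tmp) / "usb_drive" / "documents"  # stands in for the external drive
        backup(src, dst)
        clean = verify(dst)
        (dst / "docs" / "notes.txt").write_bytes(bytes(range(64)))  # simulated damage
        return clean, verify(dst)


if __name__ == "__main__":
    before, after = demo()
    print("before tampering:", before or "all files match")
    print("after tampering:", after or "all files match")
```

Keep the manifest somewhere other than the drive it describes as well (it is small enough to email to yourself); if the drive is ever attached to an infected machine, a manifest held elsewhere is what tells you which copies are still good.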

All of the above will aid you greatly in protecting against becoming infected with ransomware. However, the number one factor in prevention and protection on this matter is general self-awareness when using the computer. This is the first and foremost layer of security anyone can have. By this I mean avoid clicking on pop-up advertisements, don’t visit areas of the internet you know you shouldn’t, use legitimate sources and, above all, stay away from any illegal activities. Follow your gut instinct; if something doesn’t look right, seems too good to be true or doesn’t feel right, stay away. Simple.

In the unfortunate event that you do become infected by ransomware, head over to Kaspersky Labs as a good place to start, because they offer a variety of decryptor tools. However, this only applies to the lower-end ransomware, which is the less likely case; the more sophisticated variants are not reversible. If decryption using a free tool is not possible and there is no other option for retrieving your files, the choice to pay the ransom is yours to make.



  • Bitdefender (2014). On Cryptolocker and the Commercial Malware Delivery Platform behind It. Available: https://labs.bitdefender.com/2014/07/on-cryptolocker-and-the-commercial-malware-delivery-platform-behind-it/. Last accessed 5 September 2016.
  • Trend Micro (2016). Malware: 1 million new threats emerging daily. Available: http://blog.trendmicro.com/malware-1-million-new-threats-emerging-daily/. Last accessed 5 September 2016.
  • Vijayan, J. (2015). With $325 Million In Extorted Payments CryptoWall 3 Highlights Ransomware Threat. Available: http://www.darkreading.com/endpoint/with-$325-million-in-extorted-payments-cryptowall-3-highlights-ransomware-threat/d/d-id/1322899. Last accessed 5 September 2016.