
In recent years, cyberattacks against companies using malware have become increasingly sophisticated. It is necessary to acquire basic knowledge on a daily basis and prepare countermeasures in case of infection. In this article, we will explain basic knowledge about malware, how it differs from viruses and ransomware, what to do if infected, and measures to prevent infection.

What is malware?
Malware is a word coined by combining "malicious" and "software," and is a general term for malicious software that is created with the intention of operating in an unauthorized and harmful manner.
Difference between virus and ransomware
A virus is a malicious program that reproduces by inserting code into other programs. Ransomware is a malicious program that encrypts the files on an infected computer, rendering them unusable and demanding a ransom in exchange for their restoration. Both ransomware and viruses are types of malware.
What if I get infected with malware? Impact on companies
We will explain the specific damage and risks to a company if an employee's computer is infected with malware.
It takes costs and human resources to respond to damage.
If you discover that your computer has been infected with malware, you need to take immediate action. The costs and human resources that are suddenly required for the initial response to prevent further spread of infection, and for investigating the infection route and the extent of the damage, put pressure on normal operations.
Information leaks, affecting customers and business partners
It is difficult to completely avoid malware infection, but if the initial response is incorrect, it can lead to a situation that becomes known outside the company. Inappropriate responses to information leaks or insufficient provision of information to customers and business partners can lead to a loss of trust.
Business and services stop due to system failure
Some of the most malicious types of malware encrypt files, making them impossible to open. In the manufacturing industry, production lines may stop, and in hospitals, failures in systems related to electronic medical records and medical fees may affect the ability to continue providing medical care. Not only will this cause financial loss, but it will also damage your credibility.
Leakage of customer and confidential information poses legal risks
In addition to losses due to business suspension and loss of trust, legal risks may also arise depending on the data handled. If a company is legally responsible for privacy violations or leakage/misuse of personal information due to infection, it may have to pay fines.
Main types of malware
We will explain some of the most common types of malware.
Computer virus
A computer virus is a malicious program that reproduces itself by injecting code into other programs. It is called a virus because it cannot exist on its own, and the way it reproduces by modifying a part of its program and creating clones resembles that of a disease.
Ransomware
Ransomware is a word coined from the words "ransom" and "software." It is malware that encrypts the infected computer's files, rendering them unusable, and then demands a ransom in exchange for restoration. In recent years, ransomware that threatens to release stolen data unless a ransom is paid has become widespread.
Worm
A worm is also a type of malware. It replicates and infects in the same way as a virus, but the difference is that it can exist alone without the need for any other host program, hence the name worm, which means insect.
Spyware
Spyware, as the name suggests, is spy-like malware. It is installed on devices such as PCs without the user's knowledge, and collects and leaks the user's personal information and passwords. Companies that have a lot of customer information especially need to take measures.
Main infection routes of malware
There are several routes for malware infection, but we will introduce some of the most common ones.
Opening emails/attachments
URLs and attachments in emails are the most common infection routes. They are disguised with file names and extensions that are likely to look work-related, and if you click on them, the malware will run and infect your device.
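The disguised file names and extensions described above can be checked mechanically before a message reaches an employee. The following Python check is an added example, not part of the original article; the extension lists, flag names and sample file names are assumptions constructed for illustration.

```python
import unicodedata

# Assumed lists for illustration; adjust to your own mail gateway policy.
EXECUTABLE_EXTS = {"exe", "scr", "com", "bat", "cmd", "js", "vbs", "lnk", "hta", "ps1"}
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png", "zip"}
# Unicode controls that change display order, so "fdp.exe" can be shown as "exe.pdf".
BIDI_CONTROLS = set("\u202a\u202b\u202d\u202e\u2066\u2067\u2068")


def attachment_flags(filename):
    """Return a sorted list of reasons the attachment name looks disguised."""
    flags = set()
    if any(ch in BIDI_CONTROLS for ch in filename):
        flags.add("bidi-control-character")
    # Drop invisible format characters so the real extension is evaluated.
    cleaned = "".join(ch for ch in filename if unicodedata.category(ch) != "Cf")
    stem, dot, last = cleaned.rpartition(".")
    if not dot:
        return sorted(flags)  # no extension at all
    if last.strip().lower() in EXECUTABLE_EXTS:
        flags.add("executable-extension")
        # "invoice.pdf.exe": a document extension placed in front of the real one.
        inner = stem.rstrip().rpartition(".")[2].lower()
        if "." in stem and inner in DOCUMENT_EXTS:
            flags.add("double-extension")
    # Long runs of spaces push the real extension out of the visible column.
    if len(stem) - len(stem.rstrip()) >= 3:
        flags.add("whitespace-padding")
    return sorted(flags)


def triage(filenames):
    """Map each flagged name to its reasons; clean names are omitted."""
    results = {name: attachment_flags(name) for name in filenames}
    return {name: why for name, why in results.items() if why}


# Constructed sample names, not taken from any real incident.
SAMPLES = [
    "quotation_2023.pdf",
    "meeting.notes.docx",
    "invoice.pdf.exe",
    "invoice\u202efdp.exe",
    "report.pdf      .scr",
]

if __name__ == "__main__":
    for name, why in triage(SAMPLES).items():
        print(repr(name), why)
```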
Browsing websites
You can also get infected by browsing a website that has malware planted on it. In many cases, you may not notice that you have been infected, and if you use bulletin board sites or illegal video sites outside of work, the risk of infection increases.
Installing software and apps
There is also a risk of infection when installing software. In some cases malware is disguised as ordinary software, and in others it is installed together with other software. Be careful when installing free software, for example by checking whether the site you are downloading from is trustworthy.
Connecting external memory
When you insert an external storage device such as a USB memory into a computer or other device, malware hidden inside it may run automatically and infect the device.
Using file sharing software
If you use software or services that allow you to share files with an unspecified number of people, you may be infected with malware without your knowledge. There is also malware that exploits vulnerabilities in the Windows file sharing function.
Measures to prevent malware infection
We will explain measures to prevent the risk of malware infection.
Introduce EPP (antivirus function)/EDR and manage it appropriately
Using EPP's antivirus function and EDR are the most common ways to prevent infection. Functionality varies by product, including detecting, identifying, removing, and quarantining malware. Some products are used online, but if an infection is detected, you will need to immediately disconnect the device from the network, so check which functions are available offline.
Update software and systems
Vulnerabilities are often found in OSs after they are released, and continuing to use an older version means continuing to run with vulnerabilities that were found in the past. As a malware countermeasure, it is very important to update regularly and keep systems up to date.
Alert employees
Malware infections via email and websites can be prevented by employees' IT literacy. Regularly raise awareness and alert your employees through security training and drills that simulate an infection.
Build internal security rules and systems
To prevent malware infection and spread, establish and enforce internal security rules and systems, such as prohibiting the bringing in and use of personal USB and mobile devices, establishing password change periods, and setting up a VPN.
Consult with a cybersecurity expert in advance
Initial response to malware infection requires careful attention and prompt processing. In addition to consulting with your own security department, it is also effective to consult with external specialists in advance.
What to do if infected with malware
We will explain what to do if your computer is infected with malware.
Network interruption
There is a risk that the infection may spread to other devices connected to the same network, so disconnect from the network immediately by unplugging the LAN cable if using a wired connection or turning off the Wi-Fi connection.
Incident reporting/sharing with system personnel
Unless you are a security expert yourself, it is risky to try to solve this problem on your own. Please promptly share it with the person in charge within your organization.
Contact a cybersecurity specialist
In addition to your own security department, consult outside experts. By taking appropriate measures quickly, it is possible to minimize the damage.
Malware detection
Detect malware using security software. A full scan may take nearly half a day. Reduce time to detection by running regular scans based on how often you use your device.
Identifying the source of infection and investigating the damage situation
You need to determine which systems were affected, how they were accessed, and what data was compromised. Thoroughly scanning in-house devices identifies attack methods and intrusion routes, and investigating infected and suspected devices individually identifies the details of the damage and the cause of infection.
Malware removal
Malware detected by security software can be immediately isolated and deleted. If the file you manually downloaded is malware, delete it. If the problem still persists, initialize the device.
Please contact FRONTEO for response to malware infection damage and cybersecurity investigation.
Initial response to malware infection requires careful attention and prompt processing, so it is recommended to utilize specialized services. FRONTEO's Cybersecurity Investigation Package, which boasts a track record of over 10,600 fraud investigations, provides high-quality cybersecurity investigations that are recommended by multiple insurance companies.
It is an effective solution for initial response that includes the minimum necessary investigations in the event of a cyberattack, such as EDR investigation and dark web investigation, in one package. Additional investigations such as Wi-Fi vulnerability investigation, NDR investigation, and penetration testing can also be conducted. For companies that do not have human resources with specialized knowledge, there are concerns about the speed and professionalism with which they respond to emergencies. Based on the know-how gained from our overwhelming track record, FRONTEO supports the initial response to cyber attack damage.