The PracticalCyberSecGuide

Malware and Ransomware

A practical overview of how malware enters devices and how updates, installation habits and backups reduce damage.

Operational brief

Objectives and practical frame

At the end of this module, you will be able to:

  1. 01

    understand malware families

  2. 02

    recognize risky downloads and attachments

  3. 03

    reduce installation risk

  4. 04

    prepare for ransomware with backups and updates

10.1 What malware is

This section focuses on what malware is by connecting infection paths with prevention and damage reduction.

The practical controls are official sources, updates, limited permissions, careful handling of attachments and backups that have been tested before an emergency.

Note

Malware can arrive through attachments, fake apps, compromised sites, extensions or unsafe downloads. This module explains what malware and ransomware do, how they enter and which habits reduce exposure on computers and smartphones.

10.2 How malware can arrive

This section focuses on how malware can arrive by connecting infection paths with prevention and damage reduction.

The practical controls are official sources, updates, limited permissions, careful handling of attachments and backups that have been tested before an emergency.

Example

Malware prevention is a combination of cautious installation, updated systems, limited permissions and backups that have actually been tested

Malware prevention is a combination of cautious installation, updated systems, limited permissions and backups that have actually been tested.

10.2.1 Viruses

This detail focuses on viruses by connecting infection paths with prevention and damage reduction.

The practical controls are official sources, updates, limited permissions, careful handling of attachments and backups that have been tested before an emergency.

10.2.2 Worms

This detail focuses on worms by connecting infection paths with prevention and damage reduction.

The practical controls are official sources, updates, limited permissions, careful handling of attachments and backups that have been tested before an emergency.

10.2.3 Trojans

This detail focuses on trojans by connecting infection paths with prevention and damage reduction.

The practical controls are official sources, updates, limited permissions, careful handling of attachments and backups that have been tested before an emergency.

10.3 Ransomware

This section focuses on ransomware by connecting infection paths with prevention and damage reduction.

The practical controls are official sources, updates, limited permissions, careful handling of attachments and backups that have been tested before an emergency.

10.3.1 Ransomware and backup

This detail focuses on ransomware and backup by connecting infection paths with prevention and damage reduction.

The practical controls are official sources, updates, limited permissions, careful handling of attachments and backups that have been tested before an emergency.

10.3.2 Paying the ransom does not guarantee recovery

This detail focuses on paying the ransom does not guarantee recovery as an incident response situation where the first minutes matter.

The priority is to stop additional damage, preserve useful evidence, write down what happened and report through the right channel instead of improvising under pressure.

10.3.3 Spyware

This detail focuses on spyware by connecting infection paths with prevention and damage reduction.

The practical controls are official sources, updates, limited permissions, careful handling of attachments and backups that have been tested before an emergency.

10.3.4 Adware

This detail focuses on adware by connecting infection paths with prevention and damage reduction.

The practical controls are official sources, updates, limited permissions, careful handling of attachments and backups that have been tested before an emergency.

10.3.5 Keyloggers

This detail focuses on keyloggers in practical terms: what is being requested, what data or access is involved and what could go wrong if the action is rushed.

The useful habit is to connect details instead of checking them in isolation. Context, channel, timing, destination and consequences provide a clearer picture of risk.

10.3.6 Rootkits

This detail focuses on rootkits by connecting infection paths with prevention and damage reduction.

The practical controls are official sources, updates, limited permissions, careful handling of attachments and backups that have been tested before an emergency.

10.3.7 Botnets

This detail focuses on botnets by connecting infection paths with prevention and damage reduction.

The practical controls are official sources, updates, limited permissions, careful handling of attachments and backups that have been tested before an emergency.

10.3.8 Cryptominers

This detail focuses on cryptominers by connecting infection paths with prevention and damage reduction.

The practical controls are official sources, updates, limited permissions, careful handling of attachments and backups that have been tested before an emergency.

10.3.9 Infostealers

This detail focuses on infostealers by connecting infection paths with prevention and damage reduction.

The practical controls are official sources, updates, limited permissions, careful handling of attachments and backups that have been tested before an emergency.

10.3.10 Mobile malware and malicious apps

This detail focuses on mobile malware and malicious apps by connecting infection paths with prevention and damage reduction.

The practical controls are official sources, updates, limited permissions, careful handling of attachments and backups that have been tested before an emergency.

10.3.11 Malicious browser extensions

This detail focuses on malicious browser extensions by connecting infection paths with prevention and damage reduction.

The practical controls are official sources, updates, limited permissions, careful handling of attachments and backups that have been tested before an emergency.

10.4 Signs of possible infection

This section focuses on signs of possible infection in practical terms: what is being requested, what data or access is involved and what could go wrong if the action is rushed.

The useful habit is to connect details instead of checking them in isolation. Context, channel, timing, destination and consequences provide a clearer picture of risk.

10.5 What to do if you suspect malware

This section focuses on what to do if you suspect malware by connecting infection paths with prevention and damage reduction.

The practical controls are official sources, updates, limited permissions, careful handling of attachments and backups that have been tested before an emergency.

10.6 What not to do

This section focuses on what not to do in practical terms: what is being requested, what data or access is involved and what could go wrong if the action is rushed.

The useful habit is to connect details instead of checking them in isolation. Context, channel, timing, destination and consequences provide a clearer picture of risk.

10.7 Good prevention practices

This section focuses on good prevention practices in practical terms: what is being requested, what data or access is involved and what could go wrong if the action is rushed.

The useful habit is to connect details instead of checking them in isolation. Context, channel, timing, destination and consequences provide a clearer picture of risk.

Attention

A file can be dangerous even if it seems to come from a known contact.

Mistake

Installing software from random links to solve a problem quickly.

Good practice

Use official stores, keep systems updated and test backups.

Exercise

Infection path classification

Classify common infection paths: attachment, fake app, browser extension, cracked software, compromised site and removable drive.

In summary

Malware prevention is a combination of cautious installation, updated systems, limited permissions and backups that have actually been tested.