
Malware vs. ransomware: What's the difference?

Ransomware is a type of malware. It encrypts files and demands a ransom before allowing victims to regain access.

Cyber attacks are taking place globally, and no one is safe. As technology advances, so do scammers and cybercriminals. These attacks exploit digital device weaknesses, enabling attackers to access systems and files.

The terms malware and ransomware are often used interchangeably, but this is wrong. Ransomware is a subset of the greater malware umbrella term.

Here is an explanation of each term, and how they differ.


Malware is an umbrella term for any malicious code or program that gives an attacker explicit control over a system. It's a broad term that refers to all types of malicious programs, including:

  • Ransomware. This type of malware infects a computer system and encrypts the data. Attackers then demand a ransom to decrypt the data so the victim can regain access.
  • Rootkits. This delivery method for other malware hides in the deepest corner of a computer. It delivers malicious payloads such as keyloggers and spyware.
  • Scareware. This is an app or webpage that pops up and attempts to frighten victims into buying unnecessary software or providing their financial data.
  • Spammers. Malicious code sets up shop on a computer and pumps out thousands and thousands of spam emails. This type of malware uses a victim's system as an email blast platform.
  • Spyware. Spyware records the activities of unwitting users -- such as websites they visit and information about their computer systems. Spyware that records keystrokes is called a keylogger. It is designed to steal credit card numbers, passwords, bank account numbers and other sensitive data.
  • Trojans. A Trojan malware looks like an innocuous file but secretly delivers a malicious payload.
  • Viruses. This is a generic term for malware that does nothing but damage your computer and delete files.
  • Worms. This is a standalone program that can self-replicate and spread over a network. Worms aren't very common anymore and were often forms of mischief.


Ransomware is malware that takes a computer system hostage. Attackers then demand those users pay a ransom to regain access to their system. Ransomware is usually delivered as an attachment via email but can also be downloaded from the web.

Ransomware operates like a Trojan in that the malicious payload is delivered by another source. Once the payload infects a system, it executes the download of the ransomware software.

The ransomware then scours the infected computer system for vital files -- such as Word documents and Excel sheets -- and encrypts them with an unbreakable encryption key. This locks victims out of their systems.
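A defensive check for the behaviour described above, added here as an illustration and not part of the original article: it flags Word and Excel files whose expected file signature has been replaced by high-entropy data, which is what encrypted content looks like. The function names and the 7.5 bits-per-byte threshold are assumptions.

```python
import math
import os
from collections import Counter
from pathlib import Path

# File signatures for the document types the article names (Word, Excel).
ZIP = b"PK\x03\x04"                          # .docx / .xlsx (OOXML is a ZIP container)
OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc / .xls
MAGIC = {".docx": ZIP, ".xlsx": ZIP, ".doc": OLE2, ".xls": OLE2}
ENTROPY_THRESHOLD = 7.5   # bits per byte; assumed cut-off, tune per environment


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty input, 8.0 maximum)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(name: str, head: bytes) -> str:
    """Return 'ok', 'bad-header' or 'likely-encrypted' for one file's leading bytes."""
    magic = MAGIC.get(Path(name).suffix.lower())
    if magic is None or head.startswith(magic):
        return "ok"   # unknown extensions are not checked
    # Header is gone. Ciphertext is near-uniform, so high entropy points to encryption.
    return "likely-encrypted" if shannon_entropy(head) > ENTROPY_THRESHOLD else "bad-header"


def scan_tree(root: str, sample: int = 4096) -> dict[str, str]:
    """Classify every known document type under root; report only anomalies."""
    findings = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in MAGIC:
            with path.open("rb") as fh:
                verdict = classify(path.name, fh.read(sample))
            if verdict != "ok":
                findings[str(path)] = verdict
    return findings


if __name__ == "__main__":
    # Constructed sample data: random bytes stand in for an encrypted spreadsheet.
    print(classify("budget.xlsx", ZIP + b"\x14\x00" * 100))
    print(classify("budget.xlsx", os.urandom(4096)))
    print(classify("notes.docx", b"plain text renamed\n" * 50))
```

The check only covers files that keep their original extension, so it complements rather than replaces monitoring for mass renames and unexpected new extensions.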

The victim's computer is useless except to do one thing -- pay the ransom. With some malware, a computer can be booted using a flash drive. This drive has a special operating system and anti-malware software to clean the infected system. But ransomware takes over a computer so thoroughly that it's doubtful a victim can get their operating system back.

And even if a victim can get access to the encrypted files, they will be useless because they are encrypted. To decrypt files and regain access to the system, victims need a decryption key, which is obtained by paying a ransom to the attackers. Ransom is usually demanded in bitcoin or other cryptocurrencies because they are easier to move around.

Learn how Colonial Pipeline operations came to a halt when a ransomware attack infected its systems.

Differences between malware and ransomware

Here is a side-by-side glance of how malware and ransomware function:

| Malware | Ransomware |
| --- | --- |
| Any malicious code designed to do a variety of actions, including damaging files and stealing bank account information. | Specifically designed to lock victims out of their computer and files until a ransom is paid. |
| Delivered in many ways, including email, USB drives, network worms, Trojans and visiting malicious websites. | Primary form of infection is targeted email attacks with malicious attachments. |
| Much malware can be stopped or removed by antivirus software. | Extremely hard if not impossible to remove once infected. |
| Some malware exists just to be a jerk or remotely take over a computer. | Ransomware is severe criminal activity because it involves financial blackmail. |
| It can significantly degrade a computer's performance. | It completely takes over a computer. |

Protecting against malware and ransomware

Effective antivirus protection should be used at all levels of the enterprise -- including end user computers and servers -- along with a firewall. Effective security means securing all layers of the network, not just the endpoint.

The antivirus market is enormous, and there are many kinds of software to choose from. Choose carefully and thoroughly, getting input from security experts, peers and colleagues. Also, look over AV-Test, a neutral antivirus software test organization.

Another way businesses can protect themselves from a ransomware attack is to create system backups. This enables businesses to restore their data without paying a ransom. 

Above all, businesses must train staff to never open attachments from unknown senders. Good antivirus software scans all attachments when they come into a user's inbox, but if a malicious payload gets through, common sense needs to prevail.

Even if an attachment comes from a known sender, it's a good idea to check and see if that person sent it. A common method of malware replication is to go through an infected user's address book and send malicious code to every address it finds. Ransomware operates like this as well.
