Short for "malicious software" — any program or code intentionally designed to damage, disrupt, or gain unauthorized access to computer systems, networks, or data.
Malware is the umbrella term for all malicious software, including ransomware, trojans, worms, spyware, adware, rootkits, keyloggers, and fileless malware. Each type serves different objectives — from stealing data and credentials to encrypting files for ransom or establishing persistent backdoor access for future attacks. In the ransomware context, multiple types of malware are often used in a single attack chain: a phishing email delivers a trojan loader, which downloads a backdoor for persistent access, which then deploys the ransomware payload.
Modern malware has become increasingly sophisticated. Fileless malware operates entirely in memory, leaving no files on disk for traditional antivirus to detect. Polymorphic malware changes its code with each infection to evade signature-based detection. Living-off-the-land techniques use legitimate system tools (PowerShell, WMI, PsExec) to carry out malicious actions, making detection even more challenging because the tools themselves are not malicious.
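The detection point above, that a living-off-the-land tool cannot be flagged by name alone, is illustrated by the following added example (not code from the original entry): it scores constructed Windows process-creation events by context such as the parent process and command-line traits, so a routine admin use of PowerShell scores zero while an Office-spawned encoded command does not. Event fields, weights and thresholds are assumptions chosen for the example, not a production ruleset.

```python
# Added example: context-based detection of living-off-the-land activity.
# PowerShell, WMI and PsExec are legitimate tools, so the detector scores the
# circumstances of their use rather than their presence. Weights are illustrative.
from dataclasses import dataclass

@dataclass
class ProcessEvent:
    parent: str   # parent process image name
    image: str    # child process image name
    cmdline: str  # child process command line

OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}
LOLBINS = {"powershell.exe", "wmic.exe", "psexec.exe", "psexesvc.exe"}

def score_event(ev: ProcessEvent) -> tuple[int, list[str]]:
    """Return a suspicion score and the reasons behind it. Tool name alone scores 0."""
    image, cmd = ev.image.lower(), ev.cmdline.lower()
    tokens = cmd.split()
    score, reasons = 0, []
    if image not in LOLBINS:
        return 0, reasons
    if ev.parent.lower() in OFFICE_PARENTS:
        score += 3; reasons.append("office application spawned a system tool")
    if any(t in ("-enc", "-encodedcommand") for t in tokens):
        score += 2; reasons.append("encoded PowerShell command line")
    if "downloadstring" in cmd or "invoke-webrequest" in cmd:
        score += 2; reasons.append("download cradle in command line")
    if image == "wmic.exe" and "process call create" in cmd:
        score += 2; reasons.append("WMI process creation on a remote host")
    if image == "psexesvc.exe":
        score += 1; reasons.append("PsExec service executing")
    return score, reasons

def triage(events, threshold=3):
    """Return (event, score, reasons) for events scoring at or above threshold."""
    hits = []
    for ev in events:
        s, r = score_event(ev)
        if s >= threshold:
            hits.append((ev, s, r))
    return hits

# Constructed sample telemetry: one benign scheduled script, then suspicious uses.
SAMPLE_EVENTS = [
    ProcessEvent("explorer.exe", "powershell.exe", "powershell.exe -File C:\\scripts\\backup.ps1"),
    ProcessEvent("winword.exe", "powershell.exe", "powershell.exe -nop -w hidden -enc BASE64PLACEHOLDER"),
    ProcessEvent("services.exe", "PSEXESVC.exe", "PSEXESVC.exe"),
    ProcessEvent("cmd.exe", "wmic.exe", "wmic /node:fileserver process call create cmd.exe"),
]

if __name__ == "__main__":
    for ev, s, r in triage(SAMPLE_EVENTS):
        print(f"score {s}: {ev.parent} -> {ev.image}: {'; '.join(r)}")
```

Lowering the threshold to 2 also surfaces the WMI remote process creation, which shows how the same telemetry trades false positives for coverage.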
Ransomware attacks typically involve multiple malware components working together. Initial access tools like Emotet, QakBot, or IcedID deliver the first foothold. Post-exploitation frameworks like Cobalt Strike provide the attacker with command-and-control capabilities, lateral movement tools, and credential harvesting. Finally, the ransomware payload itself (LockBit, BlackCat/ALPHV, Cl0p, Play) handles the actual encryption and ransom demand. Understanding this layered approach is essential for building effective defenses — stopping any single component breaks the kill chain.