Key insight
Malware is any software written to work for an attacker once it runs on your device. It almost always gets in through a door you opened or a patch you missed. Ransomware is the modern plague: it turns the encryption that normally protects you into a weapon, locking your files and demanding payment. Paying is a trap. The single most powerful defense is a backup kept offline and actually tested — it turns a company-ending catastrophe into a bad afternoon and makes the ransom irrelevant.
Malware — short for malicious software — is any program written to harm you, steal from you, or spy on you. The most important thing to understand is what happens once it runs: from that moment, your own computer is quietly working for whoever created it, not for you. Everything else in this topic is about the shapes that tool takes, the few ways it slips inside, and what actually keeps you safe — which, for the worst kind, comes down to one humble, powerful thing: a backup kept out of reach.
1 · Software that works for the attacker
Picture a tool an intruder left behind inside your house, one that keeps doing their bidding long after they have gone. That is malware. It might copy your files out to a stranger, record everything you type, or wait silently for a command. It does not matter how it looks on screen or whether you ever notice it; what matters is that a program on your machine now answers to someone else.
2 · The main families
Malware comes in a few well-known families, grouped by what they do. A virus, or its self-travelling cousin a worm, is built to spread, copying itself from file to file or machine to machine like a cold through a crowded room. A trojan is malware in disguise — named after the ancient wooden horse, it hides inside something you actually want (a free game, a cracked program) and reveals its purpose only once you have let it in. Spyware sits quietly and watches, recording keystrokes, screens, or passwords. And ransomware locks up your files and demands money to give them back. Different jobs, one shared idea: a program on your machine that answers to someone else.
3 · How it actually gets in
Malware needs a way in, and the ways are surprisingly few and familiar. The most common by far is you being tricked into opening the door yourself — clicking a link or attachment in a phishing message. A close second is downloading something that is not what it claims to be, quietly carrying a trojan. Another route is physical, like plugging in a USB stick of unknown origin (exactly why attackers sometimes scatter infected ones in car parks). And the last major route needs no trick at all: an unpatched flaw in your software that lets malware install itself automatically. Nearly every path is either a door you opened or a patch you missed — which is good news, because both are squarely within your control.
4 · Ransomware: your files held hostage
Ransomware deserves its own close look, because it has become one of the most damaging attacks in the world, striking hospitals, schools, pipelines, and businesses of every size. Here is the cruel twist: it uses the very same encryption that normally protects you, but turns it against you. Once ransomware runs, it quietly encrypts all of your files — documents, photos, databases — scrambling them into unreadable nonsense. Then it demands payment, usually in hard-to-trace digital currency, for the key that would unscramble them. Your files are perfectly intact but perfectly unreadable, and the attacker holds the only key.
5 · Why paying is a trap
When ransomware strikes, the temptation to pay and make it stop is enormous. But paying is a trap, for several hard reasons. There is no guarantee: you are trusting a criminal to keep their word, and many victims pay only to receive a broken key, or nothing. Paying funds the next attack, financing the very people who will strike again — perhaps you again. And it marks you as an organization that pays, putting a target on your back. This is why security professionals push so hard on being able to recover without paying: the only way to truly rob ransomware of its power is to make the ransom irrelevant, so you can simply restore your files and walk away.
6 · Defending against it on purpose
Defending comes down to a few habits that reinforce each other. Keep software patched, since unpatched flaws are a favourite automatic entry route. Apply least privilege, so even if malware runs, it inherits only the limited access of whatever it infected. Watch for unusual behavior, because a wave of files suddenly being encrypted is often the first visible sign. But the single most powerful defense against ransomware is backups, and one word matters most: offline. A backup ransomware can also reach and encrypt is no backup at all. A backup kept disconnected, out of the attacker's reach, is what turns a company-ending catastrophe into a bad afternoon — you wipe the infected machines, restore from the clean copy, and the ransom demand becomes something you can simply ignore.
7 · What AI changes
Artificial intelligence changes the malware picture mostly by speed and scale, not by inventing something wholly new. It lets attackers write malicious code faster and lets that code mutate constantly, changing its own shape so scanners looking for a known fingerprint struggle to keep up. AI can also craft the perfect phishing lure that delivers the malware. And there is a newer angle: AI agents can become carriers or targets, if an agent with access to your systems is tricked into downloading or running something malicious on your behalf. But the reassuring part is that none of this changes what protects you. Patching, least privilege, watching for odd behavior, and above all keeping offline backups defend just as well against fast, AI-assisted malware as against the slow, handmade kind.
8 · A simple test you can run this week
1. Pick a system, folder, or account you truly could not lose.
2. Find its backup — is at least one copy genuinely offline, out of reach of anything that infects the main system?
3. Actually try restoring one file from it, right now, before you ever need to.
4. If the restore fails, you have no backup — fix that first, while it is still cheap.
The lesson: you cannot prevent every infection, but with offline, tested backups, not one of them has to be a catastrophe.
9 · Glossary — every term, spelled out
- Malware
- Malicious software — any program written to harm, steal, or spy, working for an attacker once it runs on your device.
- Virus / worm
- Malware built to spread by copying itself; a worm travels between machines on its own.
- Trojan
- Malware disguised inside something you want, revealing its purpose only after you let it in.
- Spyware
- Malware that silently records what you do — keystrokes, screens, passwords — and sends it away.
- Ransomware
- Malware that encrypts your files and demands payment for the key, turning encryption against you.
- Offline backup
- A backup kept disconnected and out of reach of the systems it protects, so an attack cannot encrypt or destroy it too.
- Least privilege
- Granting only the access a task needs, so malware that runs inherits only limited reach rather than the whole network.
Malware is software that works for the attacker once it runs — and it almost always enters through a door you opened or a patch you missed.
Ransomware weaponizes encryption, locking your files and demanding payment; paying is a trap with no guarantee.
The strongest defense is a backup kept offline and out of reach — and actually tested.
AI speeds malware up, but patching, least privilege, and offline backups still defend you just as well.
References
- NIST Special Publication 1800-25 / 1800-26, Data Integrity: Identifying and Protecting / Detecting and Responding to Ransomware and Other Events, National Institute of Standards and Technology. nccoe.nist.gov
- CISA, #StopRansomware Guide, Cybersecurity & Infrastructure Security Agency. cisa.gov
- This guide’s Backups & Recovery, Explained From Zero — the 3-2-1 rule and tested offline backups in depth.
- This guide’s Patch & Vulnerability Management, Explained From Zero — closing the unpatched-flaw entry route.