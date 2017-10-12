What common misconceptions do most people have about malware/ransomware? originally appeared on Quora: the place to gain and share knowledge, empowering people to learn from others and better understand the world.

Answer by IBM Security, Outthink security threats with intelligence, integration, and expertise, on Quora:

Michelle Alvarez, IBM Threat Researcher and Editor:

“Gil Shwed's list of misconceptions is pretty extensive and thorough. I just have a couple of misconceptions to add and one stems from one he lists: ‘There are thousands of devastating ransomware types out there.’ Since ‘the general trend of ransomware is on a rise’ and ‘people hear all the time about ransomware [whereas just a few years ago, they may have never heard of it]’, another common misconception is that ransomware is a ‘new’ threat.

People are very surprised to find out that this malware has been plaguing us for some time. In fact, the first known malware ransom attack, dubbed the ‘AIDS Trojan’ was written in 1989. Almost three decades ago! What's changed? Like many threats, ransomware has grown in sophistication and has gone from being a concern to a few individuals and small businesses to causing destruction across large enterprises as was the case with WannaCry ransomware.

Another misconception with malware is that the only infection vectors for malware are a malicious link or attachment sent via email.

If individuals are only concerned with links or attachments in an email, then they are potentially opening themselves up to infection through other vectors. Other potential infection vectors to consider include:

1. Drive-by downloads: These typically exploit vulnerabilities affecting a browser, app, or operating system. The scenario might be an individual visits a legitimate web page that's been compromised, unintentionally downloading malware onto their computer or malware device.

2. USB drives: Not plugging a random USB drive into your laptop may seem like common sense to many, but a study conducted in 2016 revealed that there's a large percentage of the population that may not be aware of the dangers in doing so.

3. Mobile Apps: The mobile malware risk is alive and well. Consumers should be downloading from public app stores such as the Apple AppStore or Google Play. Enterprises should assess whether adopting an enterprise mobility management (EMM) solution is right for them.”

Any information IBM provides is not legal advice.