Scareware is an evolution of older, social engineering-based attacks that aim to trick users into paying to fix a non-existent problem with their machine. In a classic form, malware will send multiple pop-up warnings that a device is infected with a virus and urge them to download paid-for ‘antivirus’ software in order to get rid of it. At best, this will do nothing, but it is far more likely to simply add additional malware onto the system.
Whether or not scareware should be considered as ransomware is debated, but many of these attacks can be highly disruptive, either flooding the screen with warnings or, in some cases, adding elements of locker ransomware to remove functionality. Therefore, as it disrupts systems until a payment is made, for most victims the impact will be the same.
This tactic often relies on taking advantage of human emotions, so effective cybersecurity training is essential in preventing this type of attack. Ensuring all employees can spot the signs of these attacks, regardless of their level of technical knowledge, is therefore vital.