Learning Objectives
- Describe how spyware secretly monitors or collects information.
- Describe how adware displays or delivers unwanted advertising.
- Describe how ransomware blocks access to data or systems and demands payment.
- Compare the aims and effects of the three malware types.
Key Terms
- Spyware
- Malware that secretly monitors activity or collects information.
- Adware
- Software that displays or delivers unwanted advertising, sometimes while tracking user behaviour.
- Ransomware
- Malware that prevents access to data or a system, commonly by encrypting files, and demands payment.
- Keystroke
- A key press that spyware may record to collect entered information.
- Monitoring
- Observing user activity without appropriate permission.
- Encryption by ransomware
- Transformation of victim files so that the victim cannot use them without the decryption method.
- Ransom
- Payment demanded in exchange for claimed restoration of access.
- Backup
- A separate copy of data that may support recovery after data loss or ransomware, although backup is not one of the named syllabus solution bullets.

Spyware
Spyware is malware that secretly monitors a user or collects information. It may record keyboard input, observe browsing activity or collect personal and login information.
The user may not notice the monitoring. The aim can be to steal credentials, build a profile of the user or send collected data to another party.
Spyware threatens confidentiality because information is obtained without appropriate permission. Anti-spyware software is specifically included within the syllabus category of anti-malware.
Adware
Adware displays or delivers advertising, often in an unwanted or intrusive way. It may produce pop-up advertisements, redirect the user or insert promotional content.
Some adware tracks activity so that advertisements can be targeted. This creates a link with privacy concerns and can reduce system performance or interfere with normal use.
Not every advertisement is malware. The syllabus threat refers to adware as unwanted software behaviour, particularly when installed without clear informed permission or when it interferes with the user.
Ransomware
Ransomware prevents a user from accessing data or a system and demands payment. A common process is to encrypt the victim’s files so that they cannot be opened normally.
The attacker then displays a ransom demand and claims that payment will lead to restoration. The aim is financial extortion. Payment does not guarantee that access will be restored.
Ransomware primarily affects availability because authorised users cannot access their own data. It can also cause wider disruption if shared files or services are affected.
How Infection May Occur
These malware types can arrive through deceptive downloads, infected attachments, compromised software or exploited vulnerabilities. The delivery method may involve phishing or a Trojan horse, but the malware should be identified by its behaviour once installed.
For example, a fraudulent message may persuade the user to open an attachment. The social engineering and phishing describe the deception, while ransomware describes the malware that encrypts the files.
Protective Measures
Anti-malware that includes anti-spyware can detect and remove known threats. Automated software updates reduce vulnerabilities that malware can exploit. Authentication and access levels limit access to sensitive resources.
Users should check communications, links and unexpected files before acting. Privacy settings can reduce unnecessary information exposure, but they do not replace anti-malware protection.
Spyware, Adware And Ransomware Compared
| Malware | Main Process | Typical Aim Or Effect |
|---|---|---|
| Spyware | Secretly monitors activity or collects information | Steals data or observes the user |
| Adware | Displays or delivers unwanted advertising | Generates advertising exposure and may track behaviour |
| Ransomware | Locks a system or encrypts files and displays a demand | Extorts payment by denying access |
Worked Examples
Identifying Spyware
Question: A hidden program records every key pressed and sends the record to an attacker. Identify and explain the malware.
- Identify secret monitoring.
- Identify collection of typed information.
Answer: It is spyware because it secretly records the user’s keystrokes to collect information.
Ransomware Impact
Question: Files are encrypted and a payment demand appears. State the attack process and the security property mainly affected.
- Name the malware from the encryption and demand.
- Identify that authorised users cannot access their files.
Answer: Ransomware encrypts the files and demands payment. Availability is mainly affected because the user cannot access the data.
Examination Guidance
- For spyware, describe secret monitoring or data collection.
- For ransomware, include both denial of access and the payment demand.
- Do not classify ordinary website advertising automatically as adware.
- Where several threats appear in a scenario, identify each by its own process.
Common Mistakes
- Saying spyware always deletes files.
- Saying adware is any advertisement seen online.
- Describing ransomware as simply stealing a password.
- Claiming payment guarantees recovery from ransomware.
Knowledge Check
1. What does spyware do?
2. What is the main behaviour of adware?
3. How does ransomware commonly deny access to files?
4. What does a ransomware attacker usually demand?
5. Which anti-malware category is specifically named for spyware?