Report: Ransomware Falls Off a Cliff, Cryptominers on the Rise

Cryptocurrency is still at the frontier of cybercriminal activity, but the vehicle to exploit it is taking a different form.

That's the conclusion of a new annual report from security researchers at Kaspersky Labs.

Preparing a third annual report on ransomware, Kaspersky noted that year-by-year, double-digit increases in ransomware didn't continue during the most recent study period of April 2017 to March 2018. After an April 2016 to March 2017 period when ransomware was the most significant security story of the year, the trend petered out in this last year.

"We have found that ransomware is rapidly vanishing," according to the Kaspersky report, which is based on anonymized data processed by the Kaspersky Security Network. The report, "KSN Report: Ransomware and malicious cryptominers 2016-2018," was released in late June.

Yet, a new criminal business opportunity made possible by cryptocurrencies is filling the ransomware vacuum. "Cryptocurrency mining is starting to take its place," the report said.

There was a 30 percent drop in the total number of users who encountered ransomware, year over year. Kaspersky logged about 1.8 million users running into ransomware in 2017 to 2018 compared to 2.6 million users the year before.

Conversely, users encountering miners rose nearly 45 percent, from about 1.9 million in 2016 to 2017 to 2.7 million during the year ending this April.

The emergence of cryptocurrencies like Bitcoin enabled an explosion in ransomware by making it relatively efficient and straightforward for criminals to collect untraceable ransom payments from victims. Kaspersky researchers believe many of the same organizations have transitioned to installing cryptomining malware on victim computers to create botnets that they can use to mine cryptocurrencies for profit.

"Miners are a discreet and modest way to make money by exploiting users, and are a far cry from the noisy and very noticeable encryption of victim devices. Instead of the large one-off payout achieved with ransomware, cybercriminals employing mining as a tactic can benefit from an inconspicuous, stable and continuous flow of funds," the report said.

The Kaspersky report is not the first to note the popularity of cryptomining attacks. Malwarebytes Labs in April released a quarterly report showing that cryptomining had shot up to be the second-most common attack threat for both consumers and businesses.

Kaspersky researchers also found effects on businesses. "In 2017 we started seeing botnets designed to profit from concealed cryptomining, and attempts to install miners on servers owned by organizations. When these attempts are successful, business processes suffer at victim companies, because data processing speeds fall substantially," the report noted.

While cryptomining attacks might be on the rise, Kaspersky also cautioned against taking ransomware lightly. "Ransomware is decreasing in volume. However, it is still a dangerous threat," according to the report.

Advising organizations to continue to beware is a good plan, given that the highest-profile recent ransomware attack, against the city of Atlanta, hit just at the tail end of Kaspersky's study period in late March.

Atlanta chose not to pay a ransom worth about $51,000 in cryptocurrency, and the city's mitigation costs so far have topped $2.6 million, according to reports based on public records. Earlier this month, a city official said in a public meeting that the aftermath of the ransomware attack will require another $9.5 million in unanticipated spending.

Posted by Scott Bekker on 07/05/2018 at 7:45 AM