Cryptojacking Rises as Ransomware Declines, Cyber Security Researchers Find

Two of the leading international cyber security firms, one from Russia and one from the USA, have both published their finds at the end of June showing an increase in the malware threats market share of cryptojacking at the expense of ransomware

New Crypto Crime Top Dog

Kaspersky Lab, the Moscow, Russia-headquartered cyber security firm, has determined that cryptojacking has taken the place of ransomware as top cyber bad dog in 2018. Their data shows that the number of users attacked by ransomware is in serious decline, the figure dropped by nearly half, from 1,152,299 in 2016–2017 to 751,606 in 2017–2018. Over the same two-year period, cryptojacking incidents rose in total number, from 1.9 million to 2.7 million, as well as in share of all cyber threats detected, from 3% to 4%.

“Crafty cryptominers have moved up to take ransomware’s place, invading users’ and businesses’ computers and devices and taking advantage of their power to put cryptocurrency in the pockets of thieves. Whereas ransomware enters with a flourish and freaks out its victims, cryptominers strive to remain hidden — the longer they toil, the greater the perpetrators’ profit — and as a result, victims may not notice them for a time,” Kaspersky Lab researchers explained.

McAfee Labs, the Santa Clara, California-headquartered cyber security firm, also determined that ransomware has been dethroned by cryptojacking. It found that cryptojacking malware grew a whopping 629% to more than 2.9 million known samples in Q1 2018 from about 400,000 samples in Q4 2017. At the same time, new ransomware samples saw a significant decrease in Q1 2018, falling 32%.

“Compared with well-established cybercrime activities such as data theft and ransomware, cryptojacking is simpler, more straightforward, and less risky. All criminals must do is infect millions of systems and start monetizing the attack by mining for cryptocurrencies on victims’ systems. There are no middlemen, there are no fraud schemes, and there are no victims who need to be prompted to pay and who, potentially, may back up their systems in advance and refuse to pay,” McAfee Labs researchers explained.