The Rise And Fall Of Ransomware And Malicious Miners


By Kacy Zurkus

In only a year's time, the number of Internet users who have fallen victim to ransomware or malicious crypto miners has skyrocketed from 1.87 million in 2016 to 2.7 million in 2017, according to a new report from Kaspersky Lab [note: link opens a PDF].

Though ransomware – a form of malicious software that encrypts files on a computer and demands a ransom in order for the owner to regain access to the files – has been around for several years, it particularly made headlines in May 2017 when WannaCry struck. That attack was followed by NotPetya, a global attack that resulted in business outages around the world. Prior to that infamous attack, many attacks used the CryptoWall ransomware followed by CryptoLocker. These were smaller, targeted attacks that crippled small businesses, predominantly in the healthcare sector.

The Kaspersky Lab report looked at statistics from April 2016-March 2017 and compared them to the same time period spanning 2017-2018. What they found was that malicious crypto mining is growing more popular among cybercriminals; from April 2017 to March 2018, the total number of Internet users victimized by malicious crypto miners increased 44.5% to 2,735,611.

While ransomware can provide cybercriminals with potentially large but one-off rewards in a turbulent landscape, miners might make less money out of their victims, but through a more sustainable/longer-term model.
— Kaspersky Lab report

Cryptocurrency mining is the process of creating a currency unit, also known as a coin. Transactions are verified and added to the digital blockchain ledger, which is a chain of successive blocks that hold a record of transactions including who has transferred bitcoins, how many, and to whom. Miners add new blocks to the chain, and in return they are awarded 12.5 bitcoins, which at present are worth about $200,000.

Why So Many Miners?

Verifying the coin means using the computer's processing power, and malicious miners are harnessing the CPUs of their victims' PCs and mobile devices for their own cryptocurrency gain.

While the Kaspersky Lab report reflects that the total number of ransomware and malicious crypto miner victims has increased, the 2.7 million figure doesn’t tell the full story. In fact, the number of ransomware attacks actually decreased by nearly a third (30 percent) for PCs and 22.5 percent for mobile. Cybercriminals are more frequently leveraging cryptocurrency mining software, making ransomware nearly obsolete.

Changes in the Threat Landscape

Interestingly, the threat landscape grew more diverse over the course of a year. The major malware groups active in 2016-2017 included Locky, CryptXXX, Zerber, Shade, Crusis, Cryrar, Snocry, Cryakl, Cryptodef, Onion, and Spora. By 2017, WannaCry dominated the ransomware landscape. Not only did the kind of malware used in attacks change, but the geographical locations of the attacks also shifted across the globe.

Image Source:  Kaspersky Lab report


Turkey, Vietnam, and India saw the greatest percentage of ransomware attacks in 2016-2017, but by 2017-2018, Turkey fell to number 10 on the list with Thailand, United Arab Emirates and Iran reporting the greatest percentage of users attacked with ransomware.

When it comes to mobile ransomware, though, users in the United States are most often the victims. Year over year, the number of users attacked with mobile ransomware fell from 130,232 in 2016-2017 to 100,868 a year later.

However, despite this decline in the total number of users impacted, mobile ransomware Trojans remain a serious threat because they have become much more technically advanced and more dangerous than before.
— Kaspersky Lab report

Mobile miners prefer to target developing rather than mature markets. For two consecutive years, Venezuela and Nepal topped the charts with the highest percentage of users attacked with mobile miners. As markets continue to evolve, miners will continue to spread their attacks across the globe.

To defend against new and emerging threats, users need to act with caution when opening any email attachments. To be able to recover from a ransomware attack without paying the ransom, they should regularly back up data and keep all software updated on all devices.

Kaspersky also noted that users can leverage tools that automatically detect vulnerabilities and install patches in order to prevent miners and ransomware from exploiting vulnerabilities.

Kaspersky offers these 11 points to stand up to ransomware and miners [note: link opens a PDF]:

  1. Treat email attachments, or messages from people you don’t know, with caution. If in doubt, don’t open it.
  2. Back up data regularly.
  3. Always keep software updated on all the devices you use. To prevent miners and ransomware from exploiting vulnerabilities, use tools that can automatically detect vulnerabilities and download and install patches.
  4. For personal devices, use a reliable consumer security solution and remember to keep key features switched on.
  5. If you’re a business, enhance your preferred third party security solution with a free anti-ransomware tool (see below for more information).
  6. For superior protection use an endpoint security solution that is powered by behavior detection and able to roll back malicious actions.
  7. Carry out regular security audits of your corporate network for anomalies.
  8. Don’t overlook less obvious targets, such as queue management systems, POS terminals, and even vending machines. As the miner that relied on the EternalBlue exploit shows, such equipment can also be hijacked to mine cryptocurrency.
  9. Use application control to track malicious activity in legitimate applications. Specialized devices should be in Default Deny mode. Use a dedicated security solution that includes these functions.
  10. To protect the corporate environment, educate your employees and IT teams, keep sensitive data separate, restrict access, and always back up everything.
  11. Last, but not least, remember that ransomware is a criminal offence. You shouldn’t pay. If you become a victim, report it to your local law enforcement agency.

About Kacy Zurkus

Kacy Zurkus is a freelance InfoSec and cybersecurity writer who contributes to a variety of publications on topics related to security, risk, privacy, education, security awareness, and workforce diversity. She covers daily news for Infosecurity Magazine and is a regular contributor to Security Boulevard and IBM's Security Intelligence. Kacy has also contributed to CSO Online, CIO Magazine, Parallax Security News, and K12 Tech Decisions.
