The Decline of Ransomware and the Rise of Cryptocurrency Mining Malware

ISACA, an international association focused on IT governance, has recently released its annual study “State of Cybersecurity.” The study relates to the year 2018 and is based on feedback provided by 2,366 security leaders. It found that, while 62% of the respondents experienced ransomware attacks in the previous year, only 45% of them experienced such attacks in 2018. The data indicate that ransomware attacks may be replaced by a relatively new cybersecurity threat, i.e., cryptocurrency mining malware. Unlike other types of malware (including ransomware), this type of malicious program does not aim to encrypt files without authorization, turn off computer systems, or delete important system files. The purpose of cryptocurrency mining malware is to use the computing power of the infected computers to mine cryptocurrencies. Since cryptocurrency mining malware does not have an obvious impact on the infected computers, the users of those computers may not detect it for a long time.

In this article, we examine the reasons for the decline of ransomware (Section 2) and the rise of cryptocurrency mining malware (Section 3). Finally, we provide concluding remarks (Section 4).

After the WannaCry and NotPetya ransomware attacks in 2017, many companies implemented comprehensive ransomware strategies. Of the respondents to the study mentioned above, 78% adopted such strategies in 2018, whereas only 53% of the respondents had such strategies in 2017. 2017 was officially declared “the year of ransomware” as a result of an increase of more than 90% in malware attacks that year.

Faced with the strong anti-ransomware measures adopted by many organizations and the raised security awareness regarding ransomware, malware creators decided to focus their attention on new cybersecurity threats. It is worth mentioning that such threat cycles are a common occurrence in the field of cybersecurity. Like legitimate businesses, malware creators need (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Daniel Dimov. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/eUzMc4qmhx8/