April 25, 2019

Cryptomining almost ‘extinct’ but business ransomware attacks rocket 500%

By Robert Scammell

Cybercriminals are turning back to ransomware attacks in their droves, with a 500% increase in attacks on enterprises since this time last year.

Data from US cybersecurity firm Malwarebytes shows how cybercriminals are returning to tricking businesses into downloading malicious software with the aim of extorting ransom payments.

Between Q4 2018 and Q1 2019 ransomware attacks increased 195%, as cybercriminals launched a massive attack against US organisations using Troldesh ransomware, also known as Shade.

And it is businesses that are the overwhelming target of cybercriminals, with a 235% increase across all attack methods compared to a year ago.

“This comes as no surprise,” said Andy Baldin, vice president EMEA at IT security firm Ivanti. “When it comes to an enterprise business, a threat actor is able to steal a larger quantity of data, such as credit card information or health records, or ransom a large number of systems in order to get a higher payout.

“A consumer would not be willing to pay much to unransom their system, but a business can easily be convinced to pay £50,000 to recover a large number of systems.”

In its Q1 Cybercrime Report, Malwarebytes said that other non-ransomware Trojans continue to pose a dangerous threat to businesses, with Emotet being turned away from consumers towards enterprise.

The banking Trojan, which Malwarebytes describes as “the most fearsome and dangerous threat to businesses today”, steals sensitive information and allows additional malware to be installed.

It has been prevalent for the past year and spiked in January this year. In total, the number of Emotet detections grew from 800,000 to four million year on year.

Cryptomining goes the way of the dodo

While 2017 was seen as the year of ransomware attacks – thanks to high-profile attacks such as WannaCry and NotPetya – the number of attacks declined in 2018. This was largely due to the increase in cryptojacking, which sees criminals trick users into downloading malware that hijacks their computer to mine cryptocurrencies.

However, malicious cryptomining is “essentially extinct”, according to Malwarebytes – a sharp reversal from 2018’s 4,000% increase.

Malwarebytes cites the recent closure of Coinhive, a mining software notoriously used by malware gangs to carry out cryptojacking, as a key reason why attacks against consumers have dropped.

But it is largely the decreasing value of cryptocurrencies that has put off cybercriminals. Bitcoin, the main cryptocurrency, fell from a January 2018 high of $16,600 to $3,200 in December – making it less profitable for criminals and likely pushing them back to traditional cybercrimes such as ransomware attacks and social engineering.

However, with the Bitcoin price continuing to rally past $5,000, and some experts predicting the price to continue rising, criminals might soon be incentivised to resume cryptomining activities.

Consumer ransomware attacks fall, but no time for caution

The focus on businesses has meant that the cyber threat for consumers has fallen, declining 40% from the previous quarter and 24% year over year.

“Consumers might breathe a sigh of relief seeing that malware targeting them has dropped by nearly 40%, but that would be short-sighted,” said Adam Kujawa, director of Malwarebytes Labs.

“Consumer data is more easily available in bulk from business targets, who saw a staggering 235% increase in detections year-over-year. Cybercriminals are using increasingly clever means of attack to get even more value from targets through the use of sophisticated Trojans, adware and ransomware.”

The report comes as research suggests cybersecurity leaders are facing burnout in the face of the growing and constantly evolving threat landscape.

Cybersecurity firm Symantec and Goldsmiths University surveyed 3,000 senior cybersecurity decision makers in the UK, France and Germany and found that 65% feel they’re being set up to fail, while two thirds feel ‘paralysed’ by the volume of threats they face.

And with 41% feeling a breach is inevitable, greater importance is placed on the recovery aspect of a cyberattack.

Marie Clutterbuck, CMO of independent data recovery specialist Tectrade, said:

“IT teams often prioritise stopping a breach occurring at all, but in today’s cyber climate a successful breach is inevitable.

“The most important aspect of cybersecurity is that businesses prepare for the worst and have effective data recovery and backup systems in place.”
