Ransomware threatened billions of computers during 2017, hijacking the functionality of the infected computer until the user paid a certain amount, usually in Bitcoin (BTC), to restore system performance. This type of attack is a business model for cybercriminals, who amassed large quantities of BTC with this kind of extortions. However, over the past year, the profitability of malicious ransomware attacks has been outperformed by hidden cryptocurrency mining malware (cryptojacking), says Kaspersky Lab.
According to the report “Ransomware and Malicious Cryptojacking 2016-2018”, recently released by cyber security company Kaspersky Lab, cybercriminals are migrating to cryptojacking for “being a more sustainable business model over time” than a malicious attack with ransomware can be.
The report notes that Ethiopia, Afghanistan, and Turkmenistan were the three countries most targeted by cryptocurrency mining malware between 2017-2018, accounting for 31%, 29%, and 24%, respectively, of the total number of countries targeted by cryptojacking during the before-mentioned period.
The increase in the number of attacks with mining malware almost doubles the figures recorded in 2016, to over 1.87 million, as Kaspersky Lab estimates that there were 2.7 million cryptocurrency mining malware attacks on computers in 2017 alone.
Bitcoin (BTC) is commonly used by ransomware attacks, while hidden cryptocurrency mining malware uses Monero (XMR) more
It should be noted that malicious cryptojacking attacks on mobile devices maintained a different geographical concentration than attacks on computers. As for mobile cryptocurrency mining malware, the country with the highest percentage of people affected was Venezuela.
The growth in attacks on mobile devices was 168% for Venezuela, 90% for Nepal, and 215% for Turkmenistan, which ranks as one of the countries most attacked by malicious miners on both computers and mobile phones. Also, the increase in the mobile threat in China increased by 1,287% in the last year, an alarming figure, especially considering the number of potential victims from the world’s most populous country.
In the case of ransomware, Bitcoin (BTC) is the most used digital currency, while Monero (XMR) is the one that attracts cryptojacking because it is much easier to mine. In fact, all hidden cryptocurrency mining malware based on the Coinhive code process Monero (XMR) transactions, occupying the processing capacity of the device in which they are hosted.