Home > Cyber News > Q1 2018 Malware Report: Ransomware Dethroned by Cryptominers

Q1 2018 Malware Report: Ransomware Dethroned by Cryptominers

The first quarter of 2018 has already passed, and security researchers were able to draw some important conclusions. It appears that during the first three months of this year, ransomware was finally dethroned. The new most prevalent cybersecurity threat is now cryptomining, to no one’s surprise, really. The statistics come from Comodo’s Global Malware Report Q1 2018.

Related Story: Malware Trends 2018: How Is the Threat Landscape Shaping?

Ransomware No Longer Number 1 Threat

Ransomware has long been the most widespread infection attacking users worldwide and compromising their private data. Now, cryptominers have become the most prevailing infection. However, it is not Bitcoin that is in the spotlight of malicious crypto mining but Monero, researchers found.

Researchers from Comodo have been following cryptominers, and concluded that the biggest increase in these infections started in 2017 shortly after Bitcoin’s price skyrocketed to $20,000. The infection tendency continued with the beginning of 2018 when the market cap of cryptocurrencies reached $264 billion. This is the milestone that shifted the attention of cybercriminals from ransomware to cryptomining.

During Q1 2018, Comodo Cybersecurity detected 28.9 million cryptominer incidents out of a total of 300 million malware incidents, amounting to a 10% share. The number of unique cryptominer variants grew from 93,750 in January to 127,000 in March. At the same time, the data shows this criminal attention came at the expense of ransomware activity, with new variants falling from 124,320 in January to 71,540 in March, a 42% decrease.

More specifically, Monero miners have become attackers’ favorite tools. And that’s not surprising at all – cybercriminals have been choosing Monero over Bitcoin for several reasons.

Related Story: Why Cybercriminals Are Ditching Bitcoin for Altcoins

Since the beginning of 2017 Monero has been growing steadily. Monero (XMR) is perhaps the most untraceable cryptocurrency, and it has been developed with privacy in mind. It is open-source and freely available to all. With Monero, you are your own bank. According to Monero’s official website, only you control and are responsible for your funds, and your accounts and transactions are kept private from prying eyes.

Monero was launched in 2014, and it offers enhanced privacy features. It is a fork of the Bytecoin codebase which uses identity-obscuring ring sugnatures. This is how the cryptocurrency conceals which funds have been sent in both directions – to whom and by whom.

Monero’s privacy-centered features ideally serve cybercriminals’ purposes, as it hides their transactions, cannot be tracked or blacklisted. Monero also creates blocks every two minutes which gives criminals more opportunities for attacks. Monero is also perfect for mining on average user machines.

As a result, numerous Monero miners have been detected in the wild exploiting the resources of users’ computers worldwide. Here are several examples:

Other Malware Trends from Q1 of 2018

Password, Data Stealers

Besides cryptominers, password stealers have become more sophisticated than before. Comodo researchers observed the trend of credentials stealers being added to malware. This means that criminals are very interested in collecting passwords and login details. The team analyzed new variants of the well-known Pony Stealer malware which has demonstrated new capabilities in stealing data, and had become stealthier than before.

Ransomware Resurgence

Even though ransomware is not the most widespread threat right now it doesn’t mean that ransomware operators will leave things at that.

Ransomware attacks led the malware market in previous quarters, but showed a radical decrease in the number of overall detections, likely due to the shift to the low-hanging fruit of cryptominers, researchers said in their report. The number of ransomware infections dropped from 42% in August 2017 to just 9% in February 2018. Nonetheless, Comodo says that both users and security experts should prepare for new ransomware attacks, where the focus may be data destruction like in the NotPetya case.

Related Story: Australia to Brief Political Parties on Cyber Threats

Geopolitical Attacks

Geopolitical malware detections correlate with current events around the world, the report found out. In Q1 2018, there were potential geopolitical correlations related to national elections in China and Russia. Comody says that there were correlations in Egypt, India, Iran, Israel, Turkey and Ukraine relative to military operations, along with other trends across Europe, Asia and Africa.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree