2018 saw a significant and surprising ransomware drop as cybercriminals found better profits elsewhere, according to research published today by IBM X-Force.

Ransomware was the high-profile attack type in 2017, due largely to the likes of WannaCry and NotPetya, which caused damage totalling billions of dollars. However, in 2018 this attack method had fallen out of favour.

According to the 2019 IBM X-Force Threat Intelligence Index, only one ransomware campaign was identified from Necurs, the world’s largest malware spam distribution botnet.

Ransomware, which involves the use of malware that locks a computer until its users pay a ransom fee, has fallen out of favour because, researchers suspect, other more subtle approaches are yielding better financial results.

Ransomware drop in favour of cryptojacking

While researchers saw a ransomware drop, the attack method that rose in use by cybercriminals in 2018 was cryptojacking.

This involves infecting victims’ machines with malware that uses computing power to mine for cryptocurrencies.

While users are immediately aware that they have become a victim of ransomware, cryptojacking occurs in the background, meaning many users do not realise they have been infected.

Do you see impact on recruitment in your company due to COVID-19 pandemic?

View Results

Loading ... Loading ...

As a result, the approach is seen as lower risk and higher reward than ransomware, which combined with some of the surges in value cryptocurrency saw in 2018, may explain why cybercriminals have moved onto this method.

“If we look at the drop in the use of malware, the shift away from ransomware, and the rise of targeted campaigns, all these trends tell us that return-on-investment is a real motivating factor for cybercriminals,” commented Wendi Whitmore, director of IBM X-Force Threat Intelligence.

“We see that efforts to disrupt adversaries and make systems harder to infiltrate are working. While 11.7 billion records were leaked or stolen over the last three years, abusing Personally Identifiable Information (PII) requires more knowledge and resources and attackers are exploring new illicit profit models to increase their return on investment.

“One of the hottest commodities is computing power tied to the emergence of cryptocurrencies. This has led to corporate networks and consumer devices being secretly highjacked to mine for these digital currencies.”


Read more: How IBM’s hyper-realistic Cyber Tactical Operations Center is simulating cyberattacks