July 04, 2018
WannaCry and NotPetya helped make 2017 the year of ransomware. But while there's been a shift towards cryptojacking attacks, file-encrypting malware is adapting and is still potent.
Last year, high-profile incidents like the WannaCry ransomware outbreak made the file-encrypting malware internet enemy number one.
WannaCry was not alone, of course: the NotPetya attack followed just weeks later, and this was followed by a third -- albeit much smaller -- ransomware outbreak dubbed Bad Rabbit which hit Russia and Eastern Europe in September.
And all the while other, less high-profile ransomware attacks have occurred on a regular basis, causing trouble for organisations around the world, like the Locky ransomware which disrupted the networks of a hospital. Other ransomware, like Cerber ransomware, was available 'as-a-service' to almost anyone who wanted to make money this way.
But as 2017 went on the impact of ransomware dwindled. Detections of Locky, Cerber and other long-standing ransomware families massively declined.
Indeed, Kaspersky Lab's latest Kaspersky Security Network report claims that ransomware as a whole is "rapidly vanishing" with a 30 percent decline in ransomware attacks between April 2017 and March 2018 compared with the same period the previous year.
And a recent threat report by McAfee Labs also suggests a drop in the detection of ransomware attacks -- putting the decline at 32 percent. There appears to be a clear trend here -- that the number of ransomware attacks and the number of ransomware families is dropping off.
"A year ago we probably had four large groups dealing in ransomware, distributing themselves or running an affiliate model, but we've seen those large groups go away. There are a couple remaining, but it's not quite as dramatic during 2017," Keith Jarvis, senior security researcher at Secureworks, told ZDNet.
A key factor behind the decline is the rise of cryptocurrency mining malware and low-level cyber criminals shifting their attention to 'cryptojacking' as a simpler, less risky means of illicitly making money.
These cryptojacking attacks involve attackers infecting a PC with malware which secretly uses the processing power to mine for cryptocurrency -- usually the relatively simple-to-mine Monero -- which is deposited into their own wallet.
Unlike ransomware, it's stealthy, and so long as the infection isn't discovered, it will continue to deliver the attacker a steady stream of income. The subtle nature of the attack has boosted the popularity of cryptojacking throughout 2018.