Ransomware has been abandoned in favor of cryptojacking attacks against the enterprise

As company defenses improve, criminals are looking for ways to secure a return on their illicit schemes.
Written by Charlie Osborne, Contributing Writer

Ransomware is falling in popularity as cyberattackers look for other ways to earn a criminal living out of compromising enterprise companies, with cryptojacking now capturing the interest of these individuals worldwide.

Ransomware is a virulent form of malware. Variants including WannaCry, CryptoMix, GandCrab, and Ryuk are able to encrypt infected systems and discs, as well as throw up barriers to content and prevent PCs from operating properly. In order to turn a profit from these malware infections, hackers demand a payment -- usually made in cryptocurrency -- in return for a key which may or may not decrypt infected systems.

In recent years, we have seen the catastrophic effect ransomware can have on businesses worldwide. 

However, now alert to the financial and operational damage this malware is capable of, organizations are protecting themselves more effectively from ransomware, and cybersecurity firms are constantly developing software to provide free alternatives to unlock systems infected by ransomware.

These changes have pivoted cybercriminals away from ransomware in favor of easier alternatives which can still turn a profit.

On Tuesday, the research team from IBM Security released the 2019 IBM X-Force Threat Intelligence Index, which says that there are two major shifts taking place in today's cybercriminal world -- the move away from ransomware and a decreased reliance on malware in general when it comes to direct attacks.

See also: DrainerBot infected apps play invisible videos to drain your data

According to the report, there has been a "significant decline" in the use of ransomware against the enterprise, with only one major spam-based ransomware attack recorded through the Necurs botnet by IBM across 2018.

In total, ransomware attacks declined by 45 percent in Q4 2018 in comparison to Q1 2018, whilst cryptojacking attack attempts quadrupled by 450 percent in the same timeframe.

TechRepublic: 5 workplace technologies that cause the most employee data breaches

"If we look at the drop in the use of malware, the shift away from ransomware, and the rise of targeted campaigns, all these trends tell us that return-on-investment is a real motivating factor for cybercriminals," said Wendi Whitmore, Director of IBM X-Force Threat Intelligence. " [...] Personally Identifiable Information (PII) has started to lose its value, and new illicit profit models are being explored, [and] one of the hottest commodities is computing power tied to the emergence of cryptocurrencies. This has led to corporate networks and consumer devices being secretly hijacked to mine for these digital currencies."

In addition, the report found that there has been an increase in the abuse of system tools, rather than malware, to attack the enterprise. IBM says that over half of cyberattacks -- 57 percent -- leveraged common applications such as PowerShell and PsExec during 2018, but malware remained popular for advanced persistent threat (APT) groups.

CNET: California bill would require companies to let you know if your passport number is stolen

The misconfiguration of public-facing systems, such as the use of default credentials or exposed databases, is also still an issue for companies when it comes to cybersecurity. According to IBM, publicly-disclosed misconfiguration incidents has increased by 20 percent year-over-year.

These are the worst hacks, cyberattacks, and data breaches of 2018

Previous and related coverage

Editorial standards