A couple of weeks ago, we published an article outlining what cryptojacking is, why it’s on the rise, and how it’s garnering significant attention from the cybersecurity world. However, up until a recent study by McAfee Labs, we didn’t completely realize how big cryptojacking has become. According to the study published by McAfee, cryptojacking spiked 1189% in the first quarter of 2018. This staggering rise in activity has allowed cryptojacking to overtake ransomware as the most popular form of cybercrime in the world.
Just as a refresher, cryptojacking (also known as cryptocurrency mining) is defined as “the practice of using JavaScript code to mine cryptocurrencies inside users’ browsers without notifying them in advance or requesting permission.”
Why has cryptojacking become so popular? The obvious reason is that cybercriminals are making money. However, cryptojacking also takes the “high-risk, high-reward” mantra virtually out of play. Cryptojacking code can go undetected for a long period of time, as the only sign of the code running on a user’s machine is that the machine runs slower than normal. Once the code is detected, it’s extremely hard to trace back to the source. On top of that, victims have very little incentive to spend the time and resources to trace the code back to the originator, since nothing of theirs was stolen or encrypted.
Besides the ease and low-risk characteristics, the cryptocurrency “boom” we saw at the end of 2017 could quite possibly be the real driving force behind the rise of cryptojacking. While prices have declined significantly since their peak, historical data for popular cryptocurrencies such as Bitcoin and Monero show us that their values are still extremely high relative to where they began. On January 2nd, Bitcoin and Monero were $900 and $13 per coin. While the highs were nearly $20,000 (Bitcoin) and $394 (Monero) at the end of 2017, they are still priced at $6,700 and $137 per coin as of today. It’s fairly safe to say that if those prices had remained where they were at the beginning of 2017, we wouldn’t be talking about cryptojacking to the extent that we are today.
Ransomware: Here to Stay
The process of running a cryptojacking scheme (writing JavaScript code, then embedding it in a website so that it infects a user’s machine when they visit and proceeds to mine cryptocurrencies) is quite simple for a seasoned cybercriminal. But while cryptojacking is simple, requires very little effort, and is relatively safe, it’s not as profitable on a per-case basis as ransomware. We’ve said this several times, but we’ll say it again: the majority of cybercriminals are in the game to make money.
For this reason, ransomware isn’t going anywhere. In fact, ransomware attacks are only getting more sophisticated. The sophistication lies not so much in completely changing the code as in hackers moving away from “spray-and-pray” techniques toward targeted attacks. In the past, spray-and-pray techniques were used via phishing campaigns designed to infect anyone and everyone. Now, as we have seen with the SamSam ransomware attack on the Atlanta municipal government, hackers are targeting high-profile individuals, businesses, or, in this case, governments.
By targeting high-profile individuals, businesses, or governments, hackers can up the ransom demand significantly. For example, the ransom demanded in the Atlanta ransomware attack was $52,000. Atlanta elected not to pay the ransom; however, the time the city spent shut down ended up costing it an estimated $2.8 million. In another case back in January, an entire hospital was infected by a ransomware attack and ended up paying the $55,000 ransom. The hospital did so because it estimated that paying the $55,000 would cost much less than turning away patients for several days. However, by paying the ransom, the hospital placed an even bigger target on its back: victims who pay the ransom often become victims again once cybercriminals realize they have an easy target.
It’s a double-edged sword, really. Pay the ransom, and you become a huge target for future attacks. Don’t pay the ransom, and you are out of business until all your files can be restored from backups.
The Outlook
Yaniv Balmas, malware research team leader at Check Point, says it best: “I’ve been hearing a lot of noise of people talking about ransomware as a thing of the past and that it’s now all about cryptocurrency mining. The main lesson we should learn is that this is not true: ransomware is still out there and still very much a threat.” Balmas continues, “The situation can change any minute, any day – it depends on so many factors, and it’s so fragile. We could wake up next week and ransomware could be a huge deal again, so lowering defenses against it isn’t a smart thing to do. We should treat it as big a threat as we did last year.”
We couldn’t have said it better ourselves. While cryptojacking provides an easy, steady stream of income, ransomware is way too successful and profitable to go anywhere.