Ransomware rebounding in popularity as cryptojacking loses steam

Hackers are going back to the tried-and-true method of simply demanding ransoms be paid in cryptocurrencies, rather than trying to covertly mine them.


Ransomware is once again gaining popularity with attackers, as ransomware campaigns increased from 9% in Q4 2018 to 24% in Q1 2019, growth of 167%, according to the Cybersecurity Threatscape report published by Positive Technologies on Thursday. Conversely, cryptojacking or cryptomining (essentially, the covert mining of cryptocurrency on compromised devices) continues to decrease, as the increasing technical complexity required to deploy these campaigns, combined with lower valuations of cryptocurrency, makes it a less attractive choice for hackers.

Some 54% of attacks are motivated primarily by access to information, according to the report, with financial gain representing 30%. Hacktivism represented 15%, while cyberwar was only 1%, the report notes. Despite that, governments remain the most targeted industry, at 16%, while healthcare and industrial firms represented 10% of attacks each. Finance, online services, science/education, and hospitality/entertainment firms were tied at 6% each. Notably, officials in Georgia paid a $400,000 bounty in March following a ransomware infection.


Targeting of government organizations by hackers is an outsized problem, with Positive Technologies pointing to the DNSpionage campaign that started in late 2018. According to the report, "Cybercriminals stole credentials for email accounts and other government resources. This classic supply chain attack managed to compromise the accounts of two major DNS providers. However, the attackers' ultimate targets were government institutions in the Middle East. After gaining access to providers' servers, hackers performed a DNS hijacking attack, altering DNS records and redirecting all mail and VPN traffic to an attacker-controlled server."

To limit potential risk, Positive Technologies recommends the use of antivirus software, combined with SIEM solutions and firewalls, as well as device encryption and two-factor authentication.
