2018 saw a significant and surprising ransomware drop as cybercriminals found better profits elsewhere, according to research published today by IBM X-Force.

Ransomware was the high-profile attack type in 2017, due largely to the likes of WannaCry and NotPetya, which caused damage totalling billions of dollars. However, in 2018 this attack method had fallen out of favour.

According to the 2019 IBM X-Force Threat Intelligence Index, only one ransomware campaign was identified from Necurs, the world’s largest malware spam distribution botnet.

Ransomware, which involves the use of malware that locks a computer until its users pay a ransom fee, has fallen out of favour because, researchers suspect, other more subtle approaches are yielding better financial results.

Ransomware drop in favour of cryptojacking

While researchers saw a ransomware drop, the attack method that rose in use by cybercriminals in 2018 was cryptojacking.

This involves infecting victims’ machines with malware that uses computing power to mine for cryptocurrencies.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

While users are immediately aware that they have become a victim of ransomware, cryptojacking occurs in the background, meaning many users do not realise they have been infected.

As a result, the approach is seen as lower risk and higher reward than ransomware, which combined with some of the surges in value cryptocurrency saw in 2018, may explain why cybercriminals have moved onto this method.

“If we look at the drop in the use of malware, the shift away from ransomware, and the rise of targeted campaigns, all these trends tell us that return-on-investment is a real motivating factor for cybercriminals,” commented Wendi Whitmore, director of IBM X-Force Threat Intelligence.

“We see that efforts to disrupt adversaries and make systems harder to infiltrate are working. While 11.7 billion records were leaked or stolen over the last three years, abusing Personally Identifiable Information (PII) requires more knowledge and resources and attackers are exploring new illicit profit models to increase their return on investment.

“One of the hottest commodities is computing power tied to the emergence of cryptocurrencies. This has led to corporate networks and consumer devices being secretly highjacked to mine for these digital currencies.”


Read more: How IBM’s hyper-realistic Cyber Tactical Operations Center is simulating cyberattacks