Crypto-jacking activities, ransomware attacks on the rise, claims McAfee Labs report
The latest McAfee Labs report brings to light significant research on the ever-increasing threat of ransomware and the new family of emerging ransomware. In the first quarter of 2019 itself, the number of ransomware attacks rose by 118% while there were several new classes of ransomware detected as well. The investigation also found out that attackers have become more sophisticated over time and that they are using more innovative techniques to avoid getting caught.
McAfee labs was also the first to discover a new family of ransomware called Antova in January, the ransomware is designed to siphon all files from the victim, before demanding money in lieu of that. The ransomware is being seen as something quite different from what researchers have come across in the past as it is modular in nature and hackers can build more complex ransomware on top of that.
The report further highlights that cybercriminals are still using spear-phishing tactics, but instead of targeting individuals, the main targets are enterprises where a break-in can give better leverage to attackers.
The report highlighted three major, new families of ransomware,
- Dharma: A malware first detected in 2016 which is a variant of CrySiS has been giving nightmares to cybersecurity experts across the globe. Scammers have been successfully releasing new variants of it which are mostly non-decryptable.
- GrandCrab: A malware which uses AES encryption and drops a file labeled “GandCrab.exe” on the
infected system. It is dumped on unsuspected victims through RIG exploit kit.
- Ryuk: The malware was discovered in the first quarter of 2019 and usually targets newspaper printing services in the United Kingdom. McAfee reseach looked at all the aspects of the malware and concluded that it is not state-sponsored and rather, looks to be originated from cybercrime operations.
The increasing trend of crypto-jacking
Apart from increasing cases of ransomware attacks, there have been several cases of crypto-jacking as well. PsMiner, a crypto-jacking tool for mining Monero, has been causing havoc and according to several news sources, this malware has affected more than 850,000 Windows computers.
Another significant malware called CookieMiner targets Apple device users and is used by attackers to mine a fairly unknown cryptocurrency called Koto. This malware is also known to steal sensitive personal information of users from different websites they visit online. Most of these websites are cryptocurrency exchanges and trading platforms, including Binance, Bitstamp, Bittrex, Coinbase, MyEtherWallet, and Poloniex.