Microsoft reports shift from ransomware to crypto miners

Posted 13 March 2018 23:23 CET by Jan Willem Aldershoff

Microsoft today reports that it has noticed an increase in attacks involving cryptominers, while the number of ransomware infections has decreased. From September last year until January this year, the software giant detected an average of 644,000 Windows computers each month that encountered a cryptocurrency miner.

These miners are malware variants that use a computer’s resources to mine for crypto coins. While there is a clear increase in cryptominers, the number of computers that encounter ransomware is declining. This is likely caused by the fact that cryptominers are now distributed through exploit kits, email attachments and fake Flash Player updates. Coin mining routines have also been spotted in well-known malware families.

“It’s not likely that cybercriminals will completely abandon ransomware operations any time soon, but the increase in trojanized cryptocurrency miners indicates that attackers are definitely exploring the possibilities of this newer method of illicitly earning money,” according to researchers from Microsoft’s Windows Defender Research department.

The switch to cryptominers also means the miners will show behavior similar to that of other known threats, according to the researchers. An example is the worm NeksMiner.A, which copies itself to mapped network drives and removable drives in order to keep spreading, as other malware does.

Besides malware, Microsoft also sees an increase in cryptominers on websites. Browser-based coin miners use the visitor’s computer resources to mine for cryptocurrencies. Cybercriminals appear to have set up numerous video streaming websites with the main purpose of running coin miners. Compromised websites into which crypto mining scripts have been injected are also found more frequently.

Another threat comes from employees who secretly install crypto miners on their work computers. Especially at companies with a lot of computing power, it’s tempting for employees to install crypto miners.

“While the presence of these miners in corporate networks don’t necessarily indicate a bigger attack, they are becoming a corporate issue because they consume precious computing resources that are meant for critical business processes. Miners in corporate networks also result in additional energy consumption, leading to unnecessary costs,” according to the Microsoft researchers.

The company concludes that it has various solutions to detect and block crypto-mining scripts, such as Windows Defender AV for consumers and Windows Defender Advanced Threat Protection for enterprises.
